Rapport zhpdiag
novice6433
Messages postés
54
Statut
Membre
-
2011N2 Messages postés 13379 Date d'inscription Statut Contributeur sécurité Dernière intervention -
2011N2 Messages postés 13379 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
je viens de passe zhpdiag sur mon ordi mais je ne sais pas l'interpréter. Pouvez vous m'aider. Merci d'avance.
voici le rapport :
~ Rapport de ZHPDiag v2013.8.18.261 - Nicolas Coolman (19/08/2013)
~ Lancé par xyzxyz (20/08/2013 12:36:31)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
CCleaner v4.03 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2045 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 78 GB (55%) free of 142 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-XYZXYZ
~ User Name: xyzxyz
~ All Users Names: xyzxyz, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\xyzxyz\AppData\Roaming\
~ %Desktop% : C:\Users\xyzxyz\Desktop\
~ %Favorites% : C:\Users\xyzxyz\Favorites\
~ %LocalAppData% : C:\Users\xyzxyz\AppData\Local\
~ %StartMenu% : C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 78 Go of 142 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 146 Go of 147 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 7 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 03:26:10.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/179
~ Mes musiques (My Musics) : 1/304
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 2/4226
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage du système
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe [65536] [PID.3596]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.4032]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.972]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.2512]
[MD5.C7C70AE1DE8F0FCC8F2431C5D15632DF] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2108]
[MD5.AF849798ECA383184C88ED436CF3EFB2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776] [PID.2532]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.1424]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3184]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3192]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3408]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.3980]
[MD5.241B74792CC295DFDCB7940BBF52B226] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [677576] [PID.1576]
[MD5.4999625054FFA2AFFCAFD085C1218307] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [3611416] [PID.3176] =>Piriform Ltd
[MD5.760FD9037F8E98F5B9CB77891AACC8B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7831552] [PID.3528]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5712]
[MD5.C4D17F11526F87BC762F31DA5BD2580B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.6.) -- C:\Windows\system32\nvvsvc.exe [219752] [PID.1092]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1452]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1872]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.992]
[MD5.DBAFC6734C054FEEF9087754BD80F847] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243] [PID.1408]
[MD5.582F2D900A3AC34C98FBDC2C0ABEF6B9] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [355096] [PID.2248]
[MD5.559C9B7800FAC92FC515CD0003D7C631] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2448]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2544]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.3092]
[MD5.2CEEB349216FEBD91A907013D4ABCFF7] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984] [PID.4948]
~ Processes Running: Scanned in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\prefs.js
M3 - MFPP: Plugins - [xyzxyz] -- C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
M0 - MFSP: prefs.js [xyzxyz - 5d16ixt7.default] www.freetelecom.fr
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 10584
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1430075414-1570763820-2450149755-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop: Wordbiz.lnk . (.Internet Scrabble Club - Wordbiz.) -- C:\Program Files\WordBiz\WordBiz.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: VeriSoft Access Manager - (.Bioscrypt Inc..) [HKLM] -- {0ABA40AF-288D-41F1-B735-C5155692CD7D}
~ Logic: 81 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
~ Key Software: 170 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2007 - 19:12:07 - [17,991] ----D C:\Program Files\Bioscrypt
O43 - CFD: 19/05/2009 - 19:54:40 - [13,721] ----D C:\Program Files\CapAlpha
O43 - CFD: 30/12/2007 - 23:46:38 - [10,349] ----D C:\Program Files\SP38015
O43 - CFD: 10/08/2008 - 01:40:40 - [0] ----D C:\Users\xyzxyz\AppData\Roaming\VeriSoft Access Manager
O43 - CFD: 17/12/2009 - 15:30:47 - [1,791] ----D C:\Users\xyzxyz\AppData\Local\PokerStars.NET
~ 209 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 414 Legitimates Filtered in 00mn 08s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d0688e78-e382-11de-b707-001b24d0b6c6}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/08/2013 - 11:05:19 ---A- C:\Users\xyzxyz\AppData\Roaming\OpenOffice\4\user\registrymodifications.xcu [37200]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 5 Legitimates Filtered in 00mn 14s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Lbd) .(...) - LEGACY_LBD
~ Legacy: 70 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} [DefaultScope] - (Yahoo! France) - https://fr.search.yahoo.com/ =>Toolbar.Yahoo
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.25CB492EAF08F65EC4CB4409BEDE34E2] [SPRF][24/06/2009] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.6E05A7A738A120D1FB38EAA2B0F078E4] [SPRF][23/04/2010] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.E0E17D083043FF3B713FFC9A30D1E22C] [SPRF][20/08/2013] (...) -- C:\ProgramData\nvModes.dat [63174]
[MD5.418E9841D9F625FC098A7DB95CED83D9] [SPRF][17/06/2012] (...) -- C:\Users\xyzxyz\AppData\Local\d3d9caps.dat [680]
[MD5.CA56F21584E944979F7AA9F4F441553C] [SPRF][15/03/2009] (...) -- C:\Users\xyzxyz\AppData\Roaming\nvModes.dat [27430]
[MD5.91B8FC060C68BFEEA138BE4B2E5F3470] [SPRF][02/03/2011] (...) -- C:\Users\xyzxyz\AppData\Roaming\wklnhst.dat [146]
[MD5.9802B937DD7C102CC5F21E0D0979CE41] [SPRF][18/09/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
~ Files: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "FA04ABA0D8821F147B535C516529DCD7" . (.VeriSoft Access Manager.) -- c:\Windows\Installer\{0ABA40AF-288D-41F1-B735-C5155692CD7D}\ARPPRODUCTICON.exe
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FFCD50CB81E2B954A2230B2804C093F3] [WIS][26/07/2013] (.OpenOffice - OpenOffice 4.0.0.) -- C:\Windows\Installer\12271d1.msi [2237440]
[MD5.F1D60E720D993521FD97D17389656D0C] [WIS][16/04/2013] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\24ad20.msi [22528]
[MD5.621D4C358391DDA183813CD6C2C40217] [WIS][13/04/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\b0c15.msi [459264]
[MD5.00F9C6A45B2B6BBA364A469D828DF75D] [WIS][08/12/2007] (.Cognizance Corporation - Cognizance Identity Manager.) -- C:\Windows\Installer\fd518.msi [497664]
~ WIS: 77 Legitimates Filtered in 00mn 01s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (ASBroker) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll (ASChannel) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 262243 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SS - | Auto 106593 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 14/03/2007 62984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 14/12/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/10/2009 219752 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/02/2007 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 17/02/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by xyzxyz at 20/08/2013 12:38:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83061916] >> \Device\Harddisk0\DR0[0x871B6730]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 28 Legitimates Filtered in 00mn 02s
---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by xyzxyz at 20/08/2013 12:38:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12859 - (19/08/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}] =>Toolbar.Avast^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast^
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 278511 Items scanned in 00mn 24s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 2 link(s) detected in 00mn 24s
~ 1338 Legitimates filtered by white list
End of the scan (469 lines in 02mn 17s)(0)
je viens de passe zhpdiag sur mon ordi mais je ne sais pas l'interpréter. Pouvez vous m'aider. Merci d'avance.
voici le rapport :
~ Rapport de ZHPDiag v2013.8.18.261 - Nicolas Coolman (19/08/2013)
~ Lancé par xyzxyz (20/08/2013 12:36:31)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
CCleaner v4.03 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2045 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 78 GB (55%) free of 142 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-XYZXYZ
~ User Name: xyzxyz
~ All Users Names: xyzxyz, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\xyzxyz\AppData\Roaming\
~ %Desktop% : C:\Users\xyzxyz\Desktop\
~ %Favorites% : C:\Users\xyzxyz\Favorites\
~ %LocalAppData% : C:\Users\xyzxyz\AppData\Local\
~ %StartMenu% : C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 78 Go of 142 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 146 Go of 147 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 7 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 03:26:10.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/179
~ Mes musiques (My Musics) : 1/304
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 2/4226
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage du système
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe [65536] [PID.3596]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.4032]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.972]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.2512]
[MD5.C7C70AE1DE8F0FCC8F2431C5D15632DF] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2108]
[MD5.AF849798ECA383184C88ED436CF3EFB2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776] [PID.2532]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.1424]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3184]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3192]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3408]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.3980]
[MD5.241B74792CC295DFDCB7940BBF52B226] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [677576] [PID.1576]
[MD5.4999625054FFA2AFFCAFD085C1218307] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [3611416] [PID.3176] =>Piriform Ltd
[MD5.760FD9037F8E98F5B9CB77891AACC8B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7831552] [PID.3528]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5712]
[MD5.C4D17F11526F87BC762F31DA5BD2580B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.6.) -- C:\Windows\system32\nvvsvc.exe [219752] [PID.1092]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1452]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1872]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.992]
[MD5.DBAFC6734C054FEEF9087754BD80F847] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243] [PID.1408]
[MD5.582F2D900A3AC34C98FBDC2C0ABEF6B9] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [355096] [PID.2248]
[MD5.559C9B7800FAC92FC515CD0003D7C631] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2448]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2544]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.3092]
[MD5.2CEEB349216FEBD91A907013D4ABCFF7] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984] [PID.4948]
~ Processes Running: Scanned in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\prefs.js
M3 - MFPP: Plugins - [xyzxyz] -- C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
M0 - MFSP: prefs.js [xyzxyz - 5d16ixt7.default] www.freetelecom.fr
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 10584
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1430075414-1570763820-2450149755-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop: Wordbiz.lnk . (.Internet Scrabble Club - Wordbiz.) -- C:\Program Files\WordBiz\WordBiz.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: VeriSoft Access Manager - (.Bioscrypt Inc..) [HKLM] -- {0ABA40AF-288D-41F1-B735-C5155692CD7D}
~ Logic: 81 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
~ Key Software: 170 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2007 - 19:12:07 - [17,991] ----D C:\Program Files\Bioscrypt
O43 - CFD: 19/05/2009 - 19:54:40 - [13,721] ----D C:\Program Files\CapAlpha
O43 - CFD: 30/12/2007 - 23:46:38 - [10,349] ----D C:\Program Files\SP38015
O43 - CFD: 10/08/2008 - 01:40:40 - [0] ----D C:\Users\xyzxyz\AppData\Roaming\VeriSoft Access Manager
O43 - CFD: 17/12/2009 - 15:30:47 - [1,791] ----D C:\Users\xyzxyz\AppData\Local\PokerStars.NET
~ 209 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 414 Legitimates Filtered in 00mn 08s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d0688e78-e382-11de-b707-001b24d0b6c6}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/08/2013 - 11:05:19 ---A- C:\Users\xyzxyz\AppData\Roaming\OpenOffice\4\user\registrymodifications.xcu [37200]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 5 Legitimates Filtered in 00mn 14s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Lbd) .(...) - LEGACY_LBD
~ Legacy: 70 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} [DefaultScope] - (Yahoo! France) - https://fr.search.yahoo.com/ =>Toolbar.Yahoo
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.25CB492EAF08F65EC4CB4409BEDE34E2] [SPRF][24/06/2009] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.6E05A7A738A120D1FB38EAA2B0F078E4] [SPRF][23/04/2010] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.E0E17D083043FF3B713FFC9A30D1E22C] [SPRF][20/08/2013] (...) -- C:\ProgramData\nvModes.dat [63174]
[MD5.418E9841D9F625FC098A7DB95CED83D9] [SPRF][17/06/2012] (...) -- C:\Users\xyzxyz\AppData\Local\d3d9caps.dat [680]
[MD5.CA56F21584E944979F7AA9F4F441553C] [SPRF][15/03/2009] (...) -- C:\Users\xyzxyz\AppData\Roaming\nvModes.dat [27430]
[MD5.91B8FC060C68BFEEA138BE4B2E5F3470] [SPRF][02/03/2011] (...) -- C:\Users\xyzxyz\AppData\Roaming\wklnhst.dat [146]
[MD5.9802B937DD7C102CC5F21E0D0979CE41] [SPRF][18/09/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
~ Files: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "FA04ABA0D8821F147B535C516529DCD7" . (.VeriSoft Access Manager.) -- c:\Windows\Installer\{0ABA40AF-288D-41F1-B735-C5155692CD7D}\ARPPRODUCTICON.exe
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FFCD50CB81E2B954A2230B2804C093F3] [WIS][26/07/2013] (.OpenOffice - OpenOffice 4.0.0.) -- C:\Windows\Installer\12271d1.msi [2237440]
[MD5.F1D60E720D993521FD97D17389656D0C] [WIS][16/04/2013] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\24ad20.msi [22528]
[MD5.621D4C358391DDA183813CD6C2C40217] [WIS][13/04/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\b0c15.msi [459264]
[MD5.00F9C6A45B2B6BBA364A469D828DF75D] [WIS][08/12/2007] (.Cognizance Corporation - Cognizance Identity Manager.) -- C:\Windows\Installer\fd518.msi [497664]
~ WIS: 77 Legitimates Filtered in 00mn 01s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (ASBroker) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll (ASChannel) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 262243 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SS - | Auto 106593 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 14/03/2007 62984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 14/12/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/10/2009 219752 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/02/2007 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 17/02/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by xyzxyz at 20/08/2013 12:38:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83061916] >> \Device\Harddisk0\DR0[0x871B6730]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 28 Legitimates Filtered in 00mn 02s
---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by xyzxyz at 20/08/2013 12:38:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12859 - (19/08/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}] =>Toolbar.Avast^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast^
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 278511 Items scanned in 00mn 24s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 2 link(s) detected in 00mn 24s
~ 1338 Legitimates filtered by white list
End of the scan (469 lines in 02mn 17s)(0)
A voir également:
- Rapport zhpdiag
- Zhpdiag - Télécharger - Informations & Diagnostic
- Plan rapport de stage - Guide
- Zhpdiag avis ✓ - Forum Virus
- Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport existant - Forum Excel
- Thème rapport de stage comptabilité - Forum Word
42 réponses
Re,
Ok, passe-le en suppression (point 2/ du tuto) puis en Host RAZ (point 3/), et poste les deux rapports.
Gabriel.
Ok, passe-le en suppression (point 2/ du tuto) puis en Host RAZ (point 3/), et poste les deux rapports.
Gabriel.
Re,
Tu as les 2 rapport ci-dessous :
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : Recherche -- Date : 09/13/2013 22:55:23
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[BROK VAL] HKCR\[...]\command : () -> MANQUANT
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1637GSX +++++
--- User ---
[MBR] 0ad3d4258de433381c5696baa08265a3
[BSP] db3b60937f766497f27f156bc053ff47 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144992 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 296945460 | Size: 7632 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: TOSHIBA MK1637GSX +++++
--- User ---
[MBR] a81d8e8f343e9c490941424166501a9a
[BSP] b220868c05d754090620817c484adde9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150068 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 307339515 | Size: 2557 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_09132013_225523.txt >>
RKreport[0]_S_09132013_220753.txt
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : HOSTS RAZ -- Date : 09/13/2013 22:56:21
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 0 ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost
Termine : << RKreport[0]_H_09132013_225621.txt >>
RKreport[0]_D_09132013_225529.txt;RKreport[0]_S_09132013_220753.txt;RKreport[0]_S_09132013_225523.txt
Tu as les 2 rapport ci-dessous :
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : Recherche -- Date : 09/13/2013 22:55:23
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[BROK VAL] HKCR\[...]\command : () -> MANQUANT
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1637GSX +++++
--- User ---
[MBR] 0ad3d4258de433381c5696baa08265a3
[BSP] db3b60937f766497f27f156bc053ff47 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 144992 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 296945460 | Size: 7632 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: TOSHIBA MK1637GSX +++++
--- User ---
[MBR] a81d8e8f343e9c490941424166501a9a
[BSP] b220868c05d754090620817c484adde9 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150068 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 307339515 | Size: 2557 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_09132013_225523.txt >>
RKreport[0]_S_09132013_220753.txt
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : HOSTS RAZ -- Date : 09/13/2013 22:56:21
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 0 ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost
Termine : << RKreport[0]_H_09132013_225621.txt >>
RKreport[0]_D_09132013_225529.txt;RKreport[0]_S_09132013_220753.txt;RKreport[0]_S_09132013_225523.txt
Re,
C'est ok pour le second mais en revanche le premier tu m'as posté un rapport de recherche ?
Gabriel.
C'est ok pour le second mais en revanche le premier tu m'as posté un rapport de recherche ?
Gabriel.
Bonjour Gabriel,
Tu as ci-dessous le rapport de suppression. Merci encore pour ton aide
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : Suppression -- Date : 09/13/2013 22:55:29
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[BROK VAL] HKCR\[...]\command : () -> CRÉÉ ("%1" %*)
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
Tu as ci-dessous le rapport de suppression. Merci encore pour ton aide
RogueKiller V8.6.11 [Sep 11 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : xyzxyz [Droits d'admin]
Mode : Suppression -- Date : 09/13/2013 22:55:29
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[BROK VAL] HKCR\[...]\command : () -> CRÉÉ ("%1" %*)
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re,
Rien de méchant?...
après m'être fais piquer 2 adresses mails...
Merci encore pour ton aide.
Que faut-l faire maintenant?
Rien de méchant?...
après m'être fais piquer 2 adresses mails...
Merci encore pour ton aide.
Que faut-l faire maintenant?
Re,
Oui dont une importante, celle de mon boulot.
J'ai perdu tous les contacts et des documents confidentiels...
Oui dont une importante, celle de mon boulot.
J'ai perdu tous les contacts et des documents confidentiels...
Re,
Oui je comprends c'est très embêtant...
Tu te connectes via plusieurs ordinateurs à ces mails ?
Gabriel.
Oui je comprends c'est très embêtant...
Tu te connectes via plusieurs ordinateurs à ces mails ?
Gabriel.
Bonsoir,
Non, toujours le même poste...
Et un poste corrompu le restera toujours, ça c'est une vérité absolue.
Il me manque juste les derniers éléments pour LOGER/LOGUER les fouineurs dans mes boites mail, dont un est un ex-voisin... le reste c'est trop mignon...
Merci encore pour ton aide
Non, toujours le même poste...
Et un poste corrompu le restera toujours, ça c'est une vérité absolue.
Il me manque juste les derniers éléments pour LOGER/LOGUER les fouineurs dans mes boites mail, dont un est un ex-voisin... le reste c'est trop mignon...
Merci encore pour ton aide
Bonjour,
Bizarre.
Fais ceci et poste les 2 rapports hébergés : http://www.forum-entraide-informatique.com/support/farbar-recovery-scan-tool-tutoriel-t8805.html
Gabriel.
Bizarre.
Fais ceci et poste les 2 rapports hébergés : http://www.forum-entraide-informatique.com/support/farbar-recovery-scan-tool-tutoriel-t8805.html
Gabriel.
Bonsoir,
Voici les 2 rapports. Merci encore pour ton aide.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by xyzxyz (administrator) on PC-DE-XYZXYZ on 23-09-2013 19:49:38
Running aC:\Users\xyzxyz\Downloads
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avast5] - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
MountPoints2: {d0688e78-e382-11de-b707-001b24d0b6c6} - G:\InstallTomTomHOME.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli ASWLNPkg
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} URL = https://fr.search.yahoo.com/web{searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
FireFox:
========
FF ProfilePath: C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default
FF DefaultSearchEngine: Startpage HTTPS - Francais
FF SelectedSearchEngine: Startpage HTTPS - Francais
FF Homepage: www.freetelecom.fr
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: firefox - C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
R2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aswFsBlk.sys B9FE438B3CAD82B2014710349A2022F7
C:\Windows\system32\drivers\aswMonFlt.sys AE5549DD21F6DE06406031EF1D51ACC3
C:\Windows\System32\Drivers\aswRdr.sys D084D0A7A66619FC29776CBBB9D5FA55
C:\Windows\System32\Drivers\aswRvrt.sys FA72FA503F580C3C628DD8C7D7622E37
C:\Windows\System32\Drivers\aswSnx.sys 4D53349D848C6BADB3D4ACBE98C27676
C:\Windows\System32\Drivers\aswSP.sys 813024DFD54A41B3AFAE2B1E2796CB80
C:\Windows\System32\Drivers\aswTdi.sys 5E18413310134130D7772F0668698CB7
C:\Windows\System32\Drivers\aswVmm.sys A5F637D61719D37A5B4868C385E363C0
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\ATSwpDrv.sys FB2162AFF83D519CD77431A1BC5EE0ED
C:\Windows\System32\DRIVERS\bcmwl6.sys CF6A67C90951E3E763D2135DEDE44B85
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys 6D39C954799B63BA866910234CF7D726
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 5904EFA25F829BF84EA6FB045134A1D8
C:\Windows\System32\Drivers\BTHport.sys 611FF3F2F095C8D4A6D4CFD9DCC09793
C:\Windows\System32\Drivers\BTHUSB.sys D330803EAB2A15CAEC7F011F1D4CB30E
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DRIVERS\Dot4.sys 4F59C172C094E1A1D46463A8DC061CBD
C:\Windows\System32\DRIVERS\Dot4Prt.sys 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
C:\Windows\System32\DRIVERS\dot4usb.sys C55004CA6B419B6695970DFE849B122F
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01
C:\Windows\System32\DRIVERS\e100b325.sys C0B00E55CF82D122D25983C7A6A53DEA
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\eabfiltr.sys E88B0CFCECF745211BBA87F44F85D0DD
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cpqbttn.sys 93AEE3434935FC2F805FEFD8DC5ED1B4
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\DRIVERS\igdkmd32.sys 496DB78E6A0C4C44023D9A92B4A7AC31
C:\Windows\System32\DRIVERS\iaStor.sys FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 8D7EB1FD498FD0A34C95A298685EC1C7
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\drivers\MODEMCSA.sys CBB59C41F19EFEA1A000793E08070A62
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\DRIVERS\NETw4v32.sys 1D73499A6664B4DA05D750FF83FDB274
C:\Windows\System32\DRIVERS\NETw5v32.sys 8DE67BD902095A13329FD82C85A1FA09
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvlddmkm.sys 24000B817CC84AC1555F41929879AF5A
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\DRIVERS\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rfcomm.sys 6482707F9F4DA0ECBAB43B2E0398A101
C:\Windows\System32\DRIVERS\rimmptsk.sys 355AAC141B214BEF1DBC1483AFD9BD50
C:\Windows\System32\DRIVERS\rimsptsk.sys A4216C71DD4F60B26418CCFD99CD0815
C:\Windows\System32\DRIVERS\rixdptsk.sys C663AF77E2F4EABF8EB08B388D2F1F36
C:\Windows\System32\DRIVERS\Rtlh86.sys 283392AF1860ECDB5E0F8EBD7F3D72DF
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 8F36B54688C31EED4580129040C6A3D3
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\DRIVERS\smserial.sys 859E3ADC59D1C89A66AA6492C14D379E
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 6DD49E1A5FA0F01824652F1A0A8866FB
C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\emBDA.sys 9B01CE1EDA6AD1ACFD4F865D6CB0A790
C:\Windows\System32\DRIVERS\emOEM.sys C93E4F6BD1CBD163662E7C9BE021B895
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-23 19:49 - 2013-09-23 19:49 - 00000000 ____D C:\FRST
2013-09-23 19:47 - 2013-09-23 19:48 - 01088367 _____ (Farbar) C:\Users\xyzxyz\Downloads\FRST.exe
2013-09-20 09:50 - 2013-09-23 19:49 - 00013461 _____ C:\Windows\WindowsUpdate.log
2013-09-11 10:26 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 10:26 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 10:26 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 10:26 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 10:26 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 10:26 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 10:26 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 10:26 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 10:26 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 10:26 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 10:26 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 10:25 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 10:25 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 10:22 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:22 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-03 18:03 - 2013-09-03 18:06 - 00000000 ____D C:\Program Files\WordBiz
2013-09-03 18:03 - 2013-09-03 18:03 - 00000790 _____ C:\Users\xyzxyz\Desktop\Wordbiz.lnk
2013-09-03 18:03 - 2013-09-03 18:03 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordBiz
2013-08-28 17:13 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
==================== One Month Modified Files and Folders =======
2013-09-23 19:49 - 2013-09-23 19:49 - 00000000 ____D C:\FRST
2013-09-23 19:49 - 2013-09-20 09:50 - 00013461 _____ C:\Windows\WindowsUpdate.log
2013-09-23 19:48 - 2013-09-23 19:47 - 01088367 _____ (Farbar) C:\Users\xyzxyz\Downloads\FRST.exe
2013-09-23 19:08 - 2013-04-16 11:03 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-23 17:51 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:51 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 11:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-23 11:52 - 2013-04-16 11:03 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-23 11:52 - 2009-08-27 23:42 - 00063174 _____ C:\ProgramData\nvModes.dat
2013-09-23 11:52 - 2009-08-27 23:42 - 00063174 _____ C:\ProgramData\nvModes.001
2013-09-23 11:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 00:23 - 2008-04-27 23:13 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-09-23 00:23 - 2006-11-02 15:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-13 11:54 - 2013-08-20 12:22 - 00000000 ____D C:\Program Files\ZHPDiag
2013-09-13 11:54 - 2013-07-14 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2013-09-13 11:51 - 2013-08-20 12:22 - 00000000 ____D C:\ZHP
2013-09-13 11:48 - 2013-08-20 12:22 - 00001770 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2013-09-13 11:48 - 2013-08-20 12:22 - 00001647 _____ C:\Users\Public\Desktop\ZHPDiag.lnk
2013-09-12 21:36 - 2012-08-02 19:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-12 21:36 - 2012-08-02 19:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 10:25 - 2013-07-11 12:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:23 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-09 23:22 - 2006-11-02 12:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-06 23:58 - 2013-02-10 15:11 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-06 23:58 - 2013-02-10 15:11 - 00000000 ____D C:\Program Files\CCleaner
2013-09-06 21:29 - 2013-02-10 20:26 - 00000000 ____D C:\Users\xyzxyz\Documents\Management
2013-09-03 18:06 - 2013-09-03 18:03 - 00000000 ____D C:\Program Files\WordBiz
2013-09-03 18:03 - 2013-09-03 18:03 - 00000790 _____ C:\Users\xyzxyz\Desktop\Wordbiz.lnk
2013-09-03 18:03 - 2013-09-03 18:03 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordBiz
2013-09-02 12:51 - 2010-04-11 13:23 - 00000000 ____D C:\Users\xyzxyz\Documents\Mes numérisations
2013-09-02 12:16 - 2011-04-09 23:54 - 00000000 ___RD C:\Users\xyzxyz\Documents\Notes
2013-09-02 10:43 - 2006-11-02 12:33 - 01525940 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 17:05 - 2013-07-06 22:12 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\vlc
2013-08-30 09:48 - 2013-03-27 00:06 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-27 00:06 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2011-05-17 18:49 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2010-06-30 11:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2009-03-21 13:22 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Gestionnaire de d'marrage Windows
---------------------------------
identificateur {bootmgr}
device partition=C:
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {c56a6da9-5d71-11da-848b-0016d303c81e}
displayorder {current}
{7aee936f-6cb6-11de-836b-001b24d0b6c6}
toolsdisplayorder {memdiag}
timeout 10
resume No
Chargeur de d'marrage Windows
-----------------------------
identificateur {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[E:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[E:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes
Chargeur de d'marrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale fr-FR
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c56a6da9-5d71-11da-848b-0016d303c81e}
nx OptIn
Reprendre ... partir de la mise en veille prolong'e
-------------------------------------------------
identificateur {c56a6da9-5d71-11da-848b-0016d303c81e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Testeur de m'moire Windows
--------------------------
identificateur {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnostics m'moire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes
Secteur de d'marrage en mode r'el
---------------------------------
identificateur {7aee936f-6cb6-11de-836b-001b24d0b6c6}
device partition=C:
path \ubuntu\winboot\wubildr.mbr
description Ubuntu
ParamStres EMS
--------------
identificateur {emssettings}
bootems Yes
ParamStres du d'bogueur
-----------------------
identificateur {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
Erreurs de m'moire RAM
----------------------
identificateur {badmemory}
ParamStres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
ParamStres du chargeur de d'marrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
ParamStres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}
Options Ramdisk du programme d'installation
-------------------------------------------
identificateur {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \boot\boot.sdi
LastRegBack: 2013-09-23 12:00
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by xyzxyz at 2013-09-23 19:50:29
Running from C:\Users\xyzxyz\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Français (Version: 10.1.8)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62)
avast! Free Antivirus (Version: 8.0.1497.0)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 4.05)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DJ_AIO_06_F2400_SW_Min (Version: 130.0.373.000)
ESU for Microsoft Vista (Version: 2.0.3.1)
F2400 (Version: 130.0.373.000)
Google Update Helper (Version: 1.3.21.135)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard Active Check (Version: 1.1.7.0)
Hewlett-Packard Asset Agent (Version: 2.0.58.0)
HP Active Support Library (Version: 2.0.9.1)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Doc Viewer (Version: 1.01.0005)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Quick Launch Buttons 6.20 B1 (Version: 6.20 B1)
HP QuickPlay 3.2
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HP User Guides 0056 (Version: 1.02.0000)
HP Wireless Assistant (Version: 3.00 F1)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
InfraRecorder
Intel Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - fra (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0822)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Montpellier Business Plan Classic (Version: 2.3.0.332)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox 23.0.1 (x86 fr) (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Notepad++
NVIDIA Drivers (Version: 1.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice 4.0.0 (Version: 4.00.9702)
PVSonyDll (Version: 1.00.0001)
Realtek High Definition Audio Driver (Version: 6.0.1.5384)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.551)
Scan (Version: 13.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Ubuntu (Version: 9.04-rev128)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VeriSoft Access Manager (Version: 2.1.2.880.15)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.7 (Version: 2.0.7)
WebReg (Version: 130.0.132.017)
Windows Live (Version: 15.4.3502.0922)
Windows Live (Version: 15.4.3555.0308)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WordBiz 1.8.7
ZHPDiag 2013 (Version: 2013)
==================== Restore Points =========================
13-09-2013 12:19:14 Point de contrôle planifié
14-09-2013 12:32:25 Point de contrôle planifié
16-09-2013 10:29:00 Point de contrôle planifié
17-09-2013 08:48:31 Windows Update
18-09-2013 10:53:52 Point de contrôle planifié
19-09-2013 11:59:00 Point de contrôle planifié
20-09-2013 09:56:58 Point de contrôle planifié
21-09-2013 11:49:42 Point de contrôle planifié
22-09-2013 11:56:29 Point de contrôle planifié
23-09-2013 12:03:11 Point de contrôle planifié
==================== Hosts content: ==========================
2006-11-02 12:23 - 2013-09-13 22:56 - 00000741 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AE353CC-1179-4738-B0A4-C51194DEC726} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {1BC035A8-63A4-4D10-996A-E12AB981F376} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25FD7B95-1295-4730-87D8-B99586E45CE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {8E71A138-4DC0-4199-B4BB-2A5D6BC7E1C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {907A97BD-1F6E-47FA-B050-CD09A42A7FD0} - System32\Tasks\Microsoft\Windows\RestartManager\{9AA5BBBD-D423-4efb-B1E7-45561E3F597B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A8FF1D2E-5FE3-4C64-A6DD-B59A5EDCB3C8} - System32\Tasks\Microsoft\Windows\RestartManager\{F8C101FB-A950-4770-873C-EE55896836BE} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {CA51E2B0-2E0B-48D8-8560-B7272FA38E4A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E9DB1458-71FF-42C3-9256-4D346C517F18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {F22D7A30-311D-4389-86CE-842AF7C92F60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2006-12-05 22:07 - 2006-12-05 22:07 - 00581120 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItMsg.dll
2006-12-01 21:02 - 2006-12-01 21:02 - 00205336 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWallet.dll
2007-01-19 18:31 - 2007-01-19 18:31 - 00013312 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ASWallet.dll
2007-02-02 22:28 - 2007-02-02 22:28 - 00405504 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItSSO.dll
2005-12-29 02:42 - 2005-12-29 02:42 - 00129024 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\RasAdmin.dll
2007-01-18 19:09 - 2007-01-18 19:09 - 00158720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItReports.DLL
2006-03-13 21:37 - 2006-03-13 21:37 - 00015360 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\RasAdmin.dll
2005-11-07 02:32 - 2005-11-07 02:32 - 00137728 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\PkiAdmin.dll
2006-01-12 03:54 - 2006-01-12 03:54 - 00151552 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\brand.dll
2006-02-14 19:30 - 2006-02-14 19:30 - 00003072 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\brand.dll
2007-01-19 18:19 - 2007-01-19 18:19 - 00204288 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ItMsg.dll
2006-03-13 21:37 - 2006-03-13 21:37 - 00010752 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\PkiAdmin.dll
2006-11-10 18:02 - 2006-11-10 18:02 - 00120320 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCClient.dll
2007-01-12 16:37 - 2007-01-12 16:37 - 00293376 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCard.dll
2007-02-01 22:42 - 2007-02-01 22:42 - 00222720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItAPS.dll
2006-07-13 07:55 - 2006-07-13 07:55 - 00056832 ____R (Cognizance Corporation) C:\Windows\system32\APSHook.dll
2007-01-22 15:33 - 2007-01-22 15:33 - 00010752 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ItAPS.dll
2007-02-15 22:43 - 2007-02-15 22:43 - 00222720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\TrayIcon.dll
2007-02-13 00:32 - 2007-02-13 00:32 - 00552960 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\BioAuth.dll
2007-01-19 15:56 - 2007-01-19 15:56 - 00022528 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\BioAuth.dll
2006-06-22 09:14 - 2006-06-22 09:14 - 00131584 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
2007-02-20 14:45 - 2007-02-20 14:45 - 00172032 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\NetAdmin.dll
2007-01-19 15:59 - 2007-01-19 15:59 - 00018432 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\NetAdmin.dll
2006-12-08 16:01 - 2006-12-08 16:01 - 00214528 _____ (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\SSOMngr.dll
2006-11-16 16:13 - 2006-11-16 16:13 - 00027136 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\SSOMngr.dll
2006-12-05 17:35 - 2006-12-05 17:35 - 00296448 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ittal.dll
2007-02-21 00:43 - 2007-02-21 00:43 - 00475136 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItDAC.dll
2006-12-05 00:31 - 2006-12-05 00:31 - 00090112 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll
2007-02-07 01:11 - 2007-02-07 01:11 - 00025088 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ASBioAT.dll
2007-03-06 13:04 - 2007-03-06 13:04 - 01203776 _____ (AuthenTec, Inc.) C:\Windows\system32\ATSC70.dll
2007-05-01 12:27 - 2009-10-03 06:02 - 01063016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2007-05-01 12:27 - 2009-10-03 06:02 - 07716456 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2006-11-24 03:27 - 2006-11-24 03:27 - 00024576 _____ (Burgaud.com) C:\Program Files\Notepad++\nppcm.dll
2010-04-14 20:51 - 2010-01-21 17:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2007-06-25 22:53 - 2007-04-23 18:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
2013-08-22 00:27 - 2013-08-22 00:27 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-26 11:44:41.269
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:41.019
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.769
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.520
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.270
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.021
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.709
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.459
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.209
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:38.960
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 2045.68 MB
Available physical RAM: 1044.4 MB
Total Pagefile: 4338.36 MB
Available Pagefile: 3257.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.45 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:141.59 GB) (Free:78.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:146.55 GB) (Free:146.28 GB) NTFS
Drive e: () (Fixed) (Total:7.45 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: BAA2CA2B)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 4398E41E)
Partition 1: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=05)
==================== End Of Log ============================
Voici les 2 rapports. Merci encore pour ton aide.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013
Ran by xyzxyz (administrator) on PC-DE-XYZXYZ on 23-09-2013 19:49:38
Running aC:\Users\xyzxyz\Downloads
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [50696 2007-03-12] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [] - [x]
HKLM\...\Run: [avast5] - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
MountPoints2: {d0688e78-e382-11de-b707-001b24d0b6c6} - G:\InstallTomTomHOME.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli ASWLNPkg
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} URL = https://fr.search.yahoo.com/web{searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 212.27.40.240 212.27.40.241
FireFox:
========
FF ProfilePath: C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default
FF DefaultSearchEngine: Startpage HTTPS - Francais
FF SelectedSearchEngine: Startpage HTTPS - Francais
FF Homepage: www.freetelecom.fr
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: firefox - C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
R2 ASBroker; c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984 2007-03-14] (Hewlett-Packard)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140424 2007-03-28] (AuthenTec, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
========================== Drivers MD5 =======================
C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aswFsBlk.sys B9FE438B3CAD82B2014710349A2022F7
C:\Windows\system32\drivers\aswMonFlt.sys AE5549DD21F6DE06406031EF1D51ACC3
C:\Windows\System32\Drivers\aswRdr.sys D084D0A7A66619FC29776CBBB9D5FA55
C:\Windows\System32\Drivers\aswRvrt.sys FA72FA503F580C3C628DD8C7D7622E37
C:\Windows\System32\Drivers\aswSnx.sys 4D53349D848C6BADB3D4ACBE98C27676
C:\Windows\System32\Drivers\aswSP.sys 813024DFD54A41B3AFAE2B1E2796CB80
C:\Windows\System32\Drivers\aswTdi.sys 5E18413310134130D7772F0668698CB7
C:\Windows\System32\Drivers\aswVmm.sys A5F637D61719D37A5B4868C385E363C0
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\ATSwpDrv.sys FB2162AFF83D519CD77431A1BC5EE0ED
C:\Windows\System32\DRIVERS\bcmwl6.sys CF6A67C90951E3E763D2135DEDE44B85
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys 6D39C954799B63BA866910234CF7D726
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 5904EFA25F829BF84EA6FB045134A1D8
C:\Windows\System32\Drivers\BTHport.sys 611FF3F2F095C8D4A6D4CFD9DCC09793
C:\Windows\System32\Drivers\BTHUSB.sys D330803EAB2A15CAEC7F011F1D4CB30E
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DRIVERS\Dot4.sys 4F59C172C094E1A1D46463A8DC061CBD
C:\Windows\System32\DRIVERS\Dot4Prt.sys 80BF3BA09F6F2523C8F6B7CC6DBF7BD5
C:\Windows\System32\DRIVERS\dot4usb.sys C55004CA6B419B6695970DFE849B122F
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5DE0FAEC9E5D1AAE74F8568897891A01
C:\Windows\System32\DRIVERS\e100b325.sys C0B00E55CF82D122D25983C7A6A53DEA
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\eabfiltr.sys E88B0CFCECF745211BBA87F44F85D0DD
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 1E9B9A70D332103C52995E957DC09EF8
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cpqbttn.sys 93AEE3434935FC2F805FEFD8DC5ED1B4
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTAZL3.SYS 46D67209550973257601A533E2AC5785
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F870AA3E254628EBEAFE754108D664DE
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\System32\DRIVERS\igdkmd32.sys 496DB78E6A0C4C44023D9A92B4A7AC31
C:\Windows\System32\DRIVERS\iaStor.sys FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 8D7EB1FD498FD0A34C95A298685EC1C7
C:\Windows\system32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\drivers\MODEMCSA.sys CBB59C41F19EFEA1A000793E08070A62
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 82CEA0395524AACFEB58BA1448E8325C
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\DRIVERS\NETw4v32.sys 1D73499A6664B4DA05D750FF83FDB274
C:\Windows\System32\DRIVERS\NETw5v32.sys 8DE67BD902095A13329FD82C85A1FA09
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvlddmkm.sys 24000B817CC84AC1555F41929879AF5A
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys 6F310E890D46E246E0E261A63D9B36B4
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\DRIVERS\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\DRIVERS\rfcomm.sys 6482707F9F4DA0ECBAB43B2E0398A101
C:\Windows\System32\DRIVERS\rimmptsk.sys 355AAC141B214BEF1DBC1483AFD9BD50
C:\Windows\System32\DRIVERS\rimsptsk.sys A4216C71DD4F60B26418CCFD99CD0815
C:\Windows\System32\DRIVERS\rixdptsk.sys C663AF77E2F4EABF8EB08B388D2F1F36
C:\Windows\System32\DRIVERS\Rtlh86.sys 283392AF1860ECDB5E0F8EBD7F3D72DF
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 8F36B54688C31EED4580129040C6A3D3
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\DRIVERS\smserial.sys 859E3ADC59D1C89A66AA6492C14D379E
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 6DD49E1A5FA0F01824652F1A0A8866FB
C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\emBDA.sys 9B01CE1EDA6AD1ACFD4F865D6CB0A790
C:\Windows\System32\DRIVERS\emOEM.sys C93E4F6BD1CBD163662E7C9BE021B895
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys A508C9BD8724980512136B039BBA65E9
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-23 19:49 - 2013-09-23 19:49 - 00000000 ____D C:\FRST
2013-09-23 19:47 - 2013-09-23 19:48 - 01088367 _____ (Farbar) C:\Users\xyzxyz\Downloads\FRST.exe
2013-09-20 09:50 - 2013-09-23 19:49 - 00013461 _____ C:\Windows\WindowsUpdate.log
2013-09-11 10:26 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 10:26 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 10:26 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 10:26 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 10:26 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 10:26 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 10:26 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 10:26 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 10:26 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 10:26 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 10:26 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 10:26 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 10:25 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 10:25 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 10:22 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:22 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-03 18:03 - 2013-09-03 18:06 - 00000000 ____D C:\Program Files\WordBiz
2013-09-03 18:03 - 2013-09-03 18:03 - 00000790 _____ C:\Users\xyzxyz\Desktop\Wordbiz.lnk
2013-09-03 18:03 - 2013-09-03 18:03 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordBiz
2013-08-28 17:13 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
==================== One Month Modified Files and Folders =======
2013-09-23 19:49 - 2013-09-23 19:49 - 00000000 ____D C:\FRST
2013-09-23 19:49 - 2013-09-20 09:50 - 00013461 _____ C:\Windows\WindowsUpdate.log
2013-09-23 19:48 - 2013-09-23 19:47 - 01088367 _____ (Farbar) C:\Users\xyzxyz\Downloads\FRST.exe
2013-09-23 19:08 - 2013-04-16 11:03 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-23 17:51 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:51 - 2006-11-02 14:47 - 00003296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 11:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-23 11:52 - 2013-04-16 11:03 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-23 11:52 - 2009-08-27 23:42 - 00063174 _____ C:\ProgramData\nvModes.dat
2013-09-23 11:52 - 2009-08-27 23:42 - 00063174 _____ C:\ProgramData\nvModes.001
2013-09-23 11:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 00:23 - 2008-04-27 23:13 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-09-23 00:23 - 2006-11-02 15:01 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-13 11:54 - 2013-08-20 12:22 - 00000000 ____D C:\Program Files\ZHPDiag
2013-09-13 11:54 - 2013-07-14 21:57 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2013-09-13 11:51 - 2013-08-20 12:22 - 00000000 ____D C:\ZHP
2013-09-13 11:48 - 2013-08-20 12:22 - 00001770 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2013-09-13 11:48 - 2013-08-20 12:22 - 00001647 _____ C:\Users\Public\Desktop\ZHPDiag.lnk
2013-09-12 21:36 - 2012-08-02 19:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-12 21:36 - 2012-08-02 19:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 10:25 - 2013-07-11 12:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:23 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-09 23:22 - 2006-11-02 12:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-06 23:58 - 2013-02-10 15:11 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-06 23:58 - 2013-02-10 15:11 - 00000000 ____D C:\Program Files\CCleaner
2013-09-06 21:29 - 2013-02-10 20:26 - 00000000 ____D C:\Users\xyzxyz\Documents\Management
2013-09-03 18:06 - 2013-09-03 18:03 - 00000000 ____D C:\Program Files\WordBiz
2013-09-03 18:03 - 2013-09-03 18:03 - 00000790 _____ C:\Users\xyzxyz\Desktop\Wordbiz.lnk
2013-09-03 18:03 - 2013-09-03 18:03 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordBiz
2013-09-02 12:51 - 2010-04-11 13:23 - 00000000 ____D C:\Users\xyzxyz\Documents\Mes numérisations
2013-09-02 12:16 - 2011-04-09 23:54 - 00000000 ___RD C:\Users\xyzxyz\Documents\Notes
2013-09-02 10:43 - 2006-11-02 12:33 - 01525940 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 17:05 - 2013-07-06 22:12 - 00000000 ____D C:\Users\xyzxyz\AppData\Roaming\vlc
2013-08-30 09:48 - 2013-03-27 00:06 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-27 00:06 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2011-05-17 18:49 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-08-30 09:48 - 2009-03-21 13:22 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2010-06-30 11:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2009-03-21 13:22 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Gestionnaire de d'marrage Windows
---------------------------------
identificateur {bootmgr}
device partition=C:
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {c56a6da9-5d71-11da-848b-0016d303c81e}
displayorder {current}
{7aee936f-6cb6-11de-836b-001b24d0b6c6}
toolsdisplayorder {memdiag}
timeout 10
resume No
Chargeur de d'marrage Windows
-----------------------------
identificateur {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[E:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[E:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes
Chargeur de d'marrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale fr-FR
inherit {bootloadersettings}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c56a6da9-5d71-11da-848b-0016d303c81e}
nx OptIn
Reprendre ... partir de la mise en veille prolong'e
-------------------------------------------------
identificateur {c56a6da9-5d71-11da-848b-0016d303c81e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Testeur de m'moire Windows
--------------------------
identificateur {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnostics m'moire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes
Secteur de d'marrage en mode r'el
---------------------------------
identificateur {7aee936f-6cb6-11de-836b-001b24d0b6c6}
device partition=C:
path \ubuntu\winboot\wubildr.mbr
description Ubuntu
ParamStres EMS
--------------
identificateur {emssettings}
bootems Yes
ParamStres du d'bogueur
-----------------------
identificateur {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
Erreurs de m'moire RAM
----------------------
identificateur {badmemory}
ParamStres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
ParamStres du chargeur de d'marrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
ParamStres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}
Options Ramdisk du programme d'installation
-------------------------------------------
identificateur {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \boot\boot.sdi
LastRegBack: 2013-09-23 12:00
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013
Ran by xyzxyz at 2013-09-23 19:50:29
Running from C:\Users\xyzxyz\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Français (Version: 10.1.8)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62)
avast! Free Antivirus (Version: 8.0.1497.0)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 4.05)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DJ_AIO_06_F2400_SW_Min (Version: 130.0.373.000)
ESU for Microsoft Vista (Version: 2.0.3.1)
F2400 (Version: 130.0.373.000)
Google Update Helper (Version: 1.3.21.135)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard Active Check (Version: 1.1.7.0)
Hewlett-Packard Asset Agent (Version: 2.0.58.0)
HP Active Support Library (Version: 2.0.9.1)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Doc Viewer (Version: 1.01.0005)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Quick Launch Buttons 6.20 B1 (Version: 6.20 B1)
HP QuickPlay 3.2
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HP User Guides 0056 (Version: 1.02.0000)
HP Wireless Assistant (Version: 3.00 F1)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
InfraRecorder
Intel Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - fra (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0822)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Montpellier Business Plan Classic (Version: 2.3.0.332)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox 23.0.1 (x86 fr) (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Notepad++
NVIDIA Drivers (Version: 1.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice 4.0.0 (Version: 4.00.9702)
PVSonyDll (Version: 1.00.0001)
Realtek High Definition Audio Driver (Version: 6.0.1.5384)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.551)
Scan (Version: 13.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Ubuntu (Version: 9.04-rev128)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VeriSoft Access Manager (Version: 2.1.2.880.15)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.7 (Version: 2.0.7)
WebReg (Version: 130.0.132.017)
Windows Live (Version: 15.4.3502.0922)
Windows Live (Version: 15.4.3555.0308)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WordBiz 1.8.7
ZHPDiag 2013 (Version: 2013)
==================== Restore Points =========================
13-09-2013 12:19:14 Point de contrôle planifié
14-09-2013 12:32:25 Point de contrôle planifié
16-09-2013 10:29:00 Point de contrôle planifié
17-09-2013 08:48:31 Windows Update
18-09-2013 10:53:52 Point de contrôle planifié
19-09-2013 11:59:00 Point de contrôle planifié
20-09-2013 09:56:58 Point de contrôle planifié
21-09-2013 11:49:42 Point de contrôle planifié
22-09-2013 11:56:29 Point de contrôle planifié
23-09-2013 12:03:11 Point de contrôle planifié
==================== Hosts content: ==========================
2006-11-02 12:23 - 2013-09-13 22:56 - 00000741 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AE353CC-1179-4738-B0A4-C51194DEC726} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {1BC035A8-63A4-4D10-996A-E12AB981F376} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25FD7B95-1295-4730-87D8-B99586E45CE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {8E71A138-4DC0-4199-B4BB-2A5D6BC7E1C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {907A97BD-1F6E-47FA-B050-CD09A42A7FD0} - System32\Tasks\Microsoft\Windows\RestartManager\{9AA5BBBD-D423-4efb-B1E7-45561E3F597B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {A8FF1D2E-5FE3-4C64-A6DD-B59A5EDCB3C8} - System32\Tasks\Microsoft\Windows\RestartManager\{F8C101FB-A950-4770-873C-EE55896836BE} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {CA51E2B0-2E0B-48D8-8560-B7272FA38E4A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E9DB1458-71FF-42C3-9256-4D346C517F18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {F22D7A30-311D-4389-86CE-842AF7C92F60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2006-12-05 22:07 - 2006-12-05 22:07 - 00581120 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItMsg.dll
2006-12-01 21:02 - 2006-12-01 21:02 - 00205336 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWallet.dll
2007-01-19 18:31 - 2007-01-19 18:31 - 00013312 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ASWallet.dll
2007-02-02 22:28 - 2007-02-02 22:28 - 00405504 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItSSO.dll
2005-12-29 02:42 - 2005-12-29 02:42 - 00129024 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\RasAdmin.dll
2007-01-18 19:09 - 2007-01-18 19:09 - 00158720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItReports.DLL
2006-03-13 21:37 - 2006-03-13 21:37 - 00015360 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\RasAdmin.dll
2005-11-07 02:32 - 2005-11-07 02:32 - 00137728 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\PkiAdmin.dll
2006-01-12 03:54 - 2006-01-12 03:54 - 00151552 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\brand.dll
2006-02-14 19:30 - 2006-02-14 19:30 - 00003072 ____R (Bioscrypt Inc.) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\brand.dll
2007-01-19 18:19 - 2007-01-19 18:19 - 00204288 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ItMsg.dll
2006-03-13 21:37 - 2006-03-13 21:37 - 00010752 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\PkiAdmin.dll
2006-11-10 18:02 - 2006-11-10 18:02 - 00120320 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCClient.dll
2007-01-12 16:37 - 2007-01-12 16:37 - 00293376 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItVCard.dll
2007-02-01 22:42 - 2007-02-01 22:42 - 00222720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItAPS.dll
2006-07-13 07:55 - 2006-07-13 07:55 - 00056832 ____R (Cognizance Corporation) C:\Windows\system32\APSHook.dll
2007-01-22 15:33 - 2007-01-22 15:33 - 00010752 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\ItAPS.dll
2007-02-15 22:43 - 2007-02-15 22:43 - 00222720 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\TrayIcon.dll
2007-02-13 00:32 - 2007-02-13 00:32 - 00552960 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\BioAuth.dll
2007-01-19 15:56 - 2007-01-19 15:56 - 00022528 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\BioAuth.dll
2006-06-22 09:14 - 2006-06-22 09:14 - 00131584 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
2007-02-20 14:45 - 2007-02-20 14:45 - 00172032 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\NetAdmin.dll
2007-01-19 15:59 - 2007-01-19 15:59 - 00018432 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\NetAdmin.dll
2006-12-08 16:01 - 2006-12-08 16:01 - 00214528 _____ (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\SSOMngr.dll
2006-11-16 16:13 - 2006-11-16 16:13 - 00027136 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\bin\FRA\SSOMngr.dll
2006-12-05 17:35 - 2006-12-05 17:35 - 00296448 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ittal.dll
2007-02-21 00:43 - 2007-02-21 00:43 - 00475136 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItDAC.dll
2006-12-05 00:31 - 2006-12-05 00:31 - 00090112 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ItClient.dll
2007-02-07 01:11 - 2007-02-07 01:11 - 00025088 ____R (Cognizance Corporation) c:\Program Files\Bioscrypt\VeriSoft\Bin\ASBioAT.dll
2007-03-06 13:04 - 2007-03-06 13:04 - 01203776 _____ (AuthenTec, Inc.) C:\Windows\system32\ATSC70.dll
2007-05-01 12:27 - 2009-10-03 06:02 - 01063016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2007-05-01 12:27 - 2009-10-03 06:02 - 07716456 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2006-11-24 03:27 - 2006-11-24 03:27 - 00024576 _____ (Burgaud.com) C:\Program Files\Notepad++\nppcm.dll
2010-04-14 20:51 - 2010-01-21 17:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2006-11-02 14:35 - 2006-11-02 14:35 - 00116736 _____ (Microsoft Corporation) C:\Windows\eHome\ehProxy.dll
2007-06-25 22:53 - 2007-04-23 18:10 - 00061440 _____ () C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
2013-08-22 00:27 - 2013-08-22 00:27 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-26 11:44:41.269
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:41.019
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.769
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.520
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.270
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:40.021
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.709
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.459
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:39.209
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
Date: 2013-08-26 11:44:38.960
Description: Le module d'intégrité du code ne peut pas vérifier l'intégrité image du fichier \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys car le jeu de hachages d'images par page n'a pas été trouvé sur le système.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 2045.68 MB
Available physical RAM: 1044.4 MB
Total Pagefile: 4338.36 MB
Available Pagefile: 3257.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.45 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:141.59 GB) (Free:78.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:146.55 GB) (Free:146.28 GB) NTFS
Drive e: () (Fixed) (Total:7.45 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: BAA2CA2B)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 4398E41E)
Partition 1: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=05)
==================== End Of Log ============================
Re,
Pourrais-tu héberger le rapports stp ? http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html
Merci,
Gabriel.
Pourrais-tu héberger le rapports stp ? http://www.forum-entraide-informatique.com/support/cjoint-com-tutoriel-t2939.html
Merci,
Gabriel.
Bonjour,
tu as déjà le rapport. il est ci dessus et je n'ai plus d'adresse mail valide.
il y a quelque chose qui m'échappe là.
bonne journée
tu as déjà le rapport. il est ci dessus et je n'ai plus d'adresse mail valide.
il y a quelque chose qui m'échappe là.
bonne journée
Bonjour,
Ah ouais ok tu les as postés collés...
Pas besoin de mail pour héberger des fichiers.
Tu n'avais pas fourni le rapport MBAM au fait ?
Gabriel.
Ah ouais ok tu les as postés collés...
Pas besoin de mail pour héberger des fichiers.
Tu n'avais pas fourni le rapport MBAM au fait ?
Gabriel.
Re,
Je te l'avais demandé ici : https://forums.commentcamarche.net/forum/affich-28545947-rapport-zhpdiag#13
Gabriel.
Je te l'avais demandé ici : https://forums.commentcamarche.net/forum/affich-28545947-rapport-zhpdiag#13
Gabriel.
Bonjour,
Voici ci-dessous le dernier rapport MB... Merci
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.25.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xyzxyz :: PC-DE-XYZXYZ [administrateur]
25/09/2013 14:00:05
mbam-log-2013-09-25 (14-00-05).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P
Options d'examen désactivées:
Elément(s) analysé(s): 348561
Temps écoulé: 1 heure(s), 32 minute(s), 7 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
Voici ci-dessous le dernier rapport MB... Merci
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.09.25.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xyzxyz :: PC-DE-XYZXYZ [administrateur]
25/09/2013 14:00:05
mbam-log-2013-09-25 (14-00-05).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P
Options d'examen désactivées:
Elément(s) analysé(s): 348561
Temps écoulé: 1 heure(s), 32 minute(s), 7 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
