Rapport zhpdiag
novice6433
Messages postés
54
Statut
Membre
-
2011N2 Messages postés 13379 Date d'inscription Statut Contributeur sécurité Dernière intervention -
2011N2 Messages postés 13379 Date d'inscription Statut Contributeur sécurité Dernière intervention -
Bonjour,
je viens de passe zhpdiag sur mon ordi mais je ne sais pas l'interpréter. Pouvez vous m'aider. Merci d'avance.
voici le rapport :
~ Rapport de ZHPDiag v2013.8.18.261 - Nicolas Coolman (19/08/2013)
~ Lancé par xyzxyz (20/08/2013 12:36:31)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
CCleaner v4.03 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2045 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 78 GB (55%) free of 142 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-XYZXYZ
~ User Name: xyzxyz
~ All Users Names: xyzxyz, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\xyzxyz\AppData\Roaming\
~ %Desktop% : C:\Users\xyzxyz\Desktop\
~ %Favorites% : C:\Users\xyzxyz\Favorites\
~ %LocalAppData% : C:\Users\xyzxyz\AppData\Local\
~ %StartMenu% : C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 78 Go of 142 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 146 Go of 147 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 7 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 03:26:10.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/179
~ Mes musiques (My Musics) : 1/304
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 2/4226
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage du système
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe [65536] [PID.3596]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.4032]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.972]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.2512]
[MD5.C7C70AE1DE8F0FCC8F2431C5D15632DF] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2108]
[MD5.AF849798ECA383184C88ED436CF3EFB2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776] [PID.2532]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.1424]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3184]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3192]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3408]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.3980]
[MD5.241B74792CC295DFDCB7940BBF52B226] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [677576] [PID.1576]
[MD5.4999625054FFA2AFFCAFD085C1218307] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [3611416] [PID.3176] =>Piriform Ltd
[MD5.760FD9037F8E98F5B9CB77891AACC8B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7831552] [PID.3528]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5712]
[MD5.C4D17F11526F87BC762F31DA5BD2580B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.6.) -- C:\Windows\system32\nvvsvc.exe [219752] [PID.1092]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1452]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1872]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.992]
[MD5.DBAFC6734C054FEEF9087754BD80F847] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243] [PID.1408]
[MD5.582F2D900A3AC34C98FBDC2C0ABEF6B9] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [355096] [PID.2248]
[MD5.559C9B7800FAC92FC515CD0003D7C631] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2448]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2544]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.3092]
[MD5.2CEEB349216FEBD91A907013D4ABCFF7] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984] [PID.4948]
~ Processes Running: Scanned in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\prefs.js
M3 - MFPP: Plugins - [xyzxyz] -- C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
M0 - MFSP: prefs.js [xyzxyz - 5d16ixt7.default] www.freetelecom.fr
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 10584
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1430075414-1570763820-2450149755-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop: Wordbiz.lnk . (.Internet Scrabble Club - Wordbiz.) -- C:\Program Files\WordBiz\WordBiz.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: VeriSoft Access Manager - (.Bioscrypt Inc..) [HKLM] -- {0ABA40AF-288D-41F1-B735-C5155692CD7D}
~ Logic: 81 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
~ Key Software: 170 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2007 - 19:12:07 - [17,991] ----D C:\Program Files\Bioscrypt
O43 - CFD: 19/05/2009 - 19:54:40 - [13,721] ----D C:\Program Files\CapAlpha
O43 - CFD: 30/12/2007 - 23:46:38 - [10,349] ----D C:\Program Files\SP38015
O43 - CFD: 10/08/2008 - 01:40:40 - [0] ----D C:\Users\xyzxyz\AppData\Roaming\VeriSoft Access Manager
O43 - CFD: 17/12/2009 - 15:30:47 - [1,791] ----D C:\Users\xyzxyz\AppData\Local\PokerStars.NET
~ 209 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 414 Legitimates Filtered in 00mn 08s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d0688e78-e382-11de-b707-001b24d0b6c6}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/08/2013 - 11:05:19 ---A- C:\Users\xyzxyz\AppData\Roaming\OpenOffice\4\user\registrymodifications.xcu [37200]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 5 Legitimates Filtered in 00mn 14s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Lbd) .(...) - LEGACY_LBD
~ Legacy: 70 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} [DefaultScope] - (Yahoo! France) - https://fr.search.yahoo.com/ =>Toolbar.Yahoo
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.25CB492EAF08F65EC4CB4409BEDE34E2] [SPRF][24/06/2009] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.6E05A7A738A120D1FB38EAA2B0F078E4] [SPRF][23/04/2010] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.E0E17D083043FF3B713FFC9A30D1E22C] [SPRF][20/08/2013] (...) -- C:\ProgramData\nvModes.dat [63174]
[MD5.418E9841D9F625FC098A7DB95CED83D9] [SPRF][17/06/2012] (...) -- C:\Users\xyzxyz\AppData\Local\d3d9caps.dat [680]
[MD5.CA56F21584E944979F7AA9F4F441553C] [SPRF][15/03/2009] (...) -- C:\Users\xyzxyz\AppData\Roaming\nvModes.dat [27430]
[MD5.91B8FC060C68BFEEA138BE4B2E5F3470] [SPRF][02/03/2011] (...) -- C:\Users\xyzxyz\AppData\Roaming\wklnhst.dat [146]
[MD5.9802B937DD7C102CC5F21E0D0979CE41] [SPRF][18/09/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
~ Files: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "FA04ABA0D8821F147B535C516529DCD7" . (.VeriSoft Access Manager.) -- c:\Windows\Installer\{0ABA40AF-288D-41F1-B735-C5155692CD7D}\ARPPRODUCTICON.exe
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FFCD50CB81E2B954A2230B2804C093F3] [WIS][26/07/2013] (.OpenOffice - OpenOffice 4.0.0.) -- C:\Windows\Installer\12271d1.msi [2237440]
[MD5.F1D60E720D993521FD97D17389656D0C] [WIS][16/04/2013] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\24ad20.msi [22528]
[MD5.621D4C358391DDA183813CD6C2C40217] [WIS][13/04/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\b0c15.msi [459264]
[MD5.00F9C6A45B2B6BBA364A469D828DF75D] [WIS][08/12/2007] (.Cognizance Corporation - Cognizance Identity Manager.) -- C:\Windows\Installer\fd518.msi [497664]
~ WIS: 77 Legitimates Filtered in 00mn 01s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (ASBroker) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll (ASChannel) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 262243 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SS - | Auto 106593 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 14/03/2007 62984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 14/12/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/10/2009 219752 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/02/2007 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 17/02/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by xyzxyz at 20/08/2013 12:38:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83061916] >> \Device\Harddisk0\DR0[0x871B6730]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 28 Legitimates Filtered in 00mn 02s
---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by xyzxyz at 20/08/2013 12:38:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12859 - (19/08/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}] =>Toolbar.Avast^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast^
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 278511 Items scanned in 00mn 24s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 2 link(s) detected in 00mn 24s
~ 1338 Legitimates filtered by white list
End of the scan (469 lines in 02mn 17s)(0)
je viens de passe zhpdiag sur mon ordi mais je ne sais pas l'interpréter. Pouvez vous m'aider. Merci d'avance.
voici le rapport :
~ Rapport de ZHPDiag v2013.8.18.261 - Nicolas Coolman (19/08/2013)
~ Lancé par xyzxyz (20/08/2013 12:36:31)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 23.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
CCleaner v4.03 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2045 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 78 GB (55%) free of 142 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-XYZXYZ
~ User Name: xyzxyz
~ All Users Names: xyzxyz, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\xyzxyz\AppData\Roaming\
~ %Desktop% : C:\Users\xyzxyz\Desktop\
~ %Favorites% : C:\Users\xyzxyz\Favorites\
~ %LocalAppData% : C:\Users\xyzxyz\AppData\Local\
~ %StartMenu% : C:\Users\xyzxyz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 78 Go of 142 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 146 Go of 147 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 7 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6839F14A2507D9273BD13565DD880377] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 03:26:10.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/179
~ Mes musiques (My Musics) : 1/304
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 2/4226
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage du système
[MD5.3F91D1056D2CEBEF374BE0E55428190A] - (.Cognizance Corporation - Global Virtual Card Host.) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe [65536] [PID.3596]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.4032]
[MD5.0AE3673E1C450359490CF47D6AA3AF7F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176] [PID.972]
[MD5.94444693EA13A72F6820DFF844A1122E] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176] [PID.2512]
[MD5.C7C70AE1DE8F0FCC8F2431C5D15632DF] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.2108]
[MD5.AF849798ECA383184C88ED436CF3EFB2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776] [PID.2532]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.1424]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3184]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3192]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3408]
[MD5.3E802CE450D0E7A234978E9A2EA4772A] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.exe [107816] [PID.3980]
[MD5.241B74792CC295DFDCB7940BBF52B226] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [677576] [PID.1576]
[MD5.4999625054FFA2AFFCAFD085C1218307] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [3611416] [PID.3176] =>Piriform Ltd
[MD5.760FD9037F8E98F5B9CB77891AACC8B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7831552] [PID.3528]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5712]
[MD5.C4D17F11526F87BC762F31DA5BD2580B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 187.6.) -- C:\Windows\system32\nvvsvc.exe [219752] [PID.1092]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1452]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1872]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.992]
[MD5.DBAFC6734C054FEEF9087754BD80F847] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243] [PID.1408]
[MD5.582F2D900A3AC34C98FBDC2C0ABEF6B9] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [355096] [PID.2248]
[MD5.559C9B7800FAC92FC515CD0003D7C631] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2448]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2544]
[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168] [PID.3092]
[MD5.2CEEB349216FEBD91A907013D4ABCFF7] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [62984] [PID.4948]
~ Processes Running: Scanned in 00mn 03s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\prefs.js
M3 - MFPP: Plugins - [xyzxyz] -- C:\Users\xyzxyz\AppData\Roaming\Mozilla\Firefox\Profiles\5d16ixt7.default\searchplugins\startpage-https---francais.xml
M0 - MFSP: prefs.js [xyzxyz - 5d16ixt7.default] www.freetelecom.fr
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 10584
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CognizanceTS] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1430075414-1570763820-2450149755-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop: Wordbiz.lnk . (.Internet Scrabble Club - Wordbiz.) -- C:\Program Files\WordBiz\WordBiz.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D3C2686-FDD5-495A-9177-A9C3CF88A778}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{42DF069B-7975-410A-9355-0EB0162F8E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{EFECB41B-4609-497D-B1DA-0FDD4FBEF216}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\xyzxyz\Documents\Dossier entier\dossier Photo Sarah\Photo 112.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: VeriSoft Access Manager - (.Bioscrypt Inc..) [HKLM] -- {0ABA40AF-288D-41F1-B735-C5155692CD7D}
~ Logic: 81 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
~ Key Software: 170 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/12/2007 - 19:12:07 - [17,991] ----D C:\Program Files\Bioscrypt
O43 - CFD: 19/05/2009 - 19:54:40 - [13,721] ----D C:\Program Files\CapAlpha
O43 - CFD: 30/12/2007 - 23:46:38 - [10,349] ----D C:\Program Files\SP38015
O43 - CFD: 10/08/2008 - 01:40:40 - [0] ----D C:\Users\xyzxyz\AppData\Roaming\VeriSoft Access Manager
O43 - CFD: 17/12/2009 - 15:30:47 - [1,791] ----D C:\Users\xyzxyz\AppData\Local\PokerStars.NET
~ 209 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 414 Legitimates Filtered in 00mn 08s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d0688e78-e382-11de-b707-001b24d0b6c6}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [420968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/08/2013 - 11:05:19 ---A- C:\Users\xyzxyz\AppData\Roaming\OpenOffice\4\user\registrymodifications.xcu [37200]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 5 Legitimates Filtered in 00mn 14s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Lbd) .(...) - LEGACY_LBD
~ Legacy: 70 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DAE1F01E-CDBA-4583-BDD0-F32DADF35661} [DefaultScope] - (Yahoo! France) - https://fr.search.yahoo.com/ =>Toolbar.Yahoo
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.25CB492EAF08F65EC4CB4409BEDE34E2] [SPRF][24/06/2009] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.6E05A7A738A120D1FB38EAA2B0F078E4] [SPRF][23/04/2010] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.E0E17D083043FF3B713FFC9A30D1E22C] [SPRF][20/08/2013] (...) -- C:\ProgramData\nvModes.dat [63174]
[MD5.418E9841D9F625FC098A7DB95CED83D9] [SPRF][17/06/2012] (...) -- C:\Users\xyzxyz\AppData\Local\d3d9caps.dat [680]
[MD5.CA56F21584E944979F7AA9F4F441553C] [SPRF][15/03/2009] (...) -- C:\Users\xyzxyz\AppData\Roaming\nvModes.dat [27430]
[MD5.91B8FC060C68BFEEA138BE4B2E5F3470] [SPRF][02/03/2011] (...) -- C:\Users\xyzxyz\AppData\Roaming\wklnhst.dat [146]
[MD5.9802B937DD7C102CC5F21E0D0979CE41] [SPRF][18/09/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
~ Files: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "FA04ABA0D8821F147B535C516529DCD7" . (.VeriSoft Access Manager.) -- c:\Windows\Installer\{0ABA40AF-288D-41F1-B735-C5155692CD7D}\ARPPRODUCTICON.exe
~ Update Products: 73 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FFCD50CB81E2B954A2230B2804C093F3] [WIS][26/07/2013] (.OpenOffice - OpenOffice 4.0.0.) -- C:\Windows\Installer\12271d1.msi [2237440]
[MD5.F1D60E720D993521FD97D17389656D0C] [WIS][16/04/2013] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\24ad20.msi [22528]
[MD5.621D4C358391DDA183813CD6C2C40217] [WIS][13/04/2010] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\b0c15.msi [459264]
[MD5.00F9C6A45B2B6BBA364A469D828DF75D] [WIS][08/12/2007] (.Cognizance Corporation - Cognizance Identity Manager.) -- C:\Windows\Installer\fd518.msi [497664]
~ WIS: 77 Legitimates Filtered in 00mn 01s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (ASBroker) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll (ASChannel) . (.Cognizance Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 262243 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SS - | Auto 106593 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 14/03/2007 62984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 02/05/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/02/2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 14/12/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/10/2009 219752 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/02/2007 880640 | (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Demand 17/02/2007 74656 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s
---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by xyzxyz at 20/08/2013 12:38:22
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83061916] >> \Device\Harddisk0\DR0[0x871B6730]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 28 Legitimates Filtered in 00mn 02s
---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by xyzxyz at 20/08/2013 12:38:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : v2.12859 - (19/08/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}] =>Toolbar.Avast^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} =>Toolbar.Avast^
C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll =>Toolbar.Avast^
[HKCU\Software\AppDataLow\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKCU\Software\yahooinstall] =>Toolbar.Yahoo^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 278511 Items scanned in 00mn 24s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 2 link(s) detected in 00mn 24s
~ 1338 Legitimates filtered by white list
End of the scan (469 lines in 02mn 17s)(0)
A voir également:
- Rapport zhpdiag
- Zhpdiag - Télécharger - Informations & Diagnostic
- Plan rapport de stage - Guide
- Zhpdiag avis - Forum Antivirus
- ZHPDiag avis ✓ - Forum Virus
- Thème rapport de stage comptabilité - Forum Word
