New PC but very, very slow!

Closed
quitale Posts 6 Registration date Saturday 4 October 2008 Status Member Last activity 1 March 2014 - 27 Feb 2014 at 19:34
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 - 1 March 2014 at 09:49
Hello,
my PC is new but it is slow, really slow....
I ran a ZHPDiag scan; can someone tell me what is wrong?
Thanks in advance



~ Rapport de ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Lancé par quitale (27/02/2014 19:23:15)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : JHRD6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3546 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 410 GB (92%) free of 443 GB

---\\ Mode de connexion au système
~ Computer Name: MOI
~ User Name: quitale
~ All Users Names: quitale, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\quitale\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\quitale\AppData\Roaming\
~ %Desktop% : C:\Users\quitale\Desktop\
~ %Favorites% : C:\Users\quitale\Favorites\
~ %LocalAppData% : C:\Users\quitale\AppData\Local\
~ %StartMenu% : C:\Users\quitale\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 410 Go of 443 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 22 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/466
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/34
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1388]
[MD5.259FC81909D6FEEB1BEDB2595100513D] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.3092]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.4004]
[MD5.F5D595BBAC654CD391E824043F7FEDFB] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.1264]
[MD5.A4C34F9AAE33EC99D8ED5299F856C9D8] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.4692]
[MD5.3B328976E4DEDE1B87B246D16DBDFFF9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.3484]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.4192]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3872]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.2856]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\quitale\AppData\Roaming\Mozilla\Firefox\Profiles\bbi3377m.default\prefs.js
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: AMD Start Now Technology.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CLI.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [quitale]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [quitale]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [quitale]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 40 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_84] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BCFDD84-50B5-4CE5-8FC5-FAE9458E2D6D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8407975-BC4E-416D-AD34-73D7BC84DB42}: DhcpNameServer = 20.20.1.1 20.20.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{8BCFDD84-50B5-4CE5-8FC5-FAE9458E2D6D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B8407975-BC4E-416D-AD34-73D7BC84DB42}: DhcpNameServer = 20.20.1.1 20.20.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
~ Services: 14 Legitimates Filtered in 01mn 02s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
[MD5.00000000000000000000000000000000] [APT] [{B3F23F36-02B8-498D-A72E-58A79CC49341}] (...) -- c:\users\quitale\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
~ Scheduled Task: 16 Legitimates Filtered in 00mn 09s



---\\ Logiciels installés (O42)
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2013 - 22:16:29 - [41,208] ----D C:\ProgramData\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8}
O43 - CFD: 02/02/2014 - 17:30:31 - [1,063] ----D C:\Users\quitale\AppData\Roaming\0V1L2Z2Z1T1I1L1T
~ Program Folder: 123 Legitimates Filtered in 00mn 31s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2100B28C34C4FCE916A4A61F58E31198] - 13/02/2014 - 20:51:32 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [9701]
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 15/02/2014 - 01:47:12 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
~ Files: 90 Legitimates Filtered in 00mn 41s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.056B1EFB3D42900B08785E6A95EC1589] - 04/02/2014 - 02:04:34 ---A- - C:\Windows\Prefetch\TIME.EXE-F2C41F49.pf
O45 - LFCP:[MD5.1AF8E1D9E3460C0B88671FF39FAE692E] - 04/02/2014 - 02:47:34 ---A- - C:\Windows\Prefetch\AUTOSHUTDOWNTOOL_V41100003_WI-CAAF17A3.pf
O45 - LFCP:[MD5.8D2F0269EE255CC286855A98240911A0] - 04/02/2014 - 03:01:23 ---A- - C:\Windows\Prefetch\LBP6200D_R151_V110_W64_UK_FR_-5CB11FE4.pf
O45 - LFCP:[MD5.1656EF69E432324C2CC10AB8F7E20419] - 04/02/2014 - 04:16:27 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.7CD19F27A3888322BC7B3A8F60BC7249] - 05/02/2014 - 03:41:35 ---A- - C:\Windows\Prefetch\LBP6200D_R151_V110_W32_UK_FR_-9849FC91.pf
O45 - LFCP:[MD5.717A6EA5644144F200D943BF468FCE63] - 05/02/2014 - 03:43:46 ---A- - C:\Windows\Prefetch\AUTOSHUTDOWNTOOL_V41100003_WI-4116C9BD.pf
O45 - LFCP:[MD5.8BD95B104BCDA341FC2E24E76F9A1725] - 05/02/2014 - 03:45:04 ---A- - C:\Windows\Prefetch\LBP6200D_R151_V110_W64_UK_FR_-C2239121.pf
O45 - LFCP:[MD5.B4BAC7379651D6DFC524F16BEB8E6D3A] - 12/02/2014 - 02:23:48 ---A- - C:\Windows\Prefetch\FST_FR_0702-FE48FD23.TMP-B1E02EBD.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.1388D02101E697244A98A1E8A62BB10B] - 12/02/2014 - 02:23:48 ---A- - C:\Windows\Prefetch\MELONDREA_0702-81CFB2EF.EXE-77E48136.pf
O45 - LFCP:[MD5.EB9762C0DCFF99D4AB871C32E319F8FE] - 12/02/2014 - 02:30:49 ---A- - C:\Windows\Prefetch\PREDM.TMP-7DE9FD91.pf
O45 - LFCP:[MD5.232E2B5171B89C2DB2B3D39210760643] - 12/02/2014 - 02:30:52 ---A- - C:\Windows\Prefetch\DM.TMP-401C9FF5.pf
O45 - LFCP:[MD5.650DE114F9B55027B3EA33801B4AC8BE] - 12/02/2014 - 02:31:02 ---A- - C:\Windows\Prefetch\IMNS.EXE-F5B25C38.pf
O45 - LFCP:[MD5.3A1783984D768799A2807E972D2A9208] - 12/02/2014 - 02:34:36 ---A- - C:\Windows\Prefetch\DDRAGON.TMP-711094D1.pf
O45 - LFCP:[MD5.F222CD5F8BF4E68E57829B1964CFCC12] - 12/02/2014 - 02:34:45 ---A- - C:\Windows\Prefetch\PACKAGE_DDRAGON_INSTALLER_MUL-87BE2C6C.pf
O45 - LFCP:[MD5.95B946923CE2F4C26171C5BDFFB7929E] - 12/02/2014 - 02:53:05 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-7C7EDA15.pf
O45 - LFCP:[MD5.B3A8AC30B2E3393C380080A8DCF949BF] - 15/02/2014 - 01:35:53 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
O45 - LFCP:[MD5.2E048604EBB62C6FB4E66F62437144F9] - 15/02/2014 - 15:22:39 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf
O45 - LFCP:[MD5.A5D23CADBF70F8F763AF3DF0837D6CF9] - 15/02/2014 - 15:22:53 ---A- - C:\Windows\Prefetch\BULKOPERATIONHOST.EXE-1D031CC3.pf
O45 - LFCP:[MD5.2AD905006882C0643B62301C2BCAF771] - 17/02/2014 - 21:46:48 ---A- - C:\Windows\Prefetch\DETECT_BACKUPYOURIMPORTANTDAT-AEE8DFC9.pf
O45 - LFCP:[MD5.2F35B12B4DFC11816AC4529AD46672F1] - 17/02/2014 - 22:12:30 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.0263BB4A7753DD799A8CC0E666CBEEF0] - 17/02/2014 - 22:42:56 ---A- - C:\Windows\Prefetch\GLCND.EXE-02A191A6.pf
O45 - LFCP:[MD5.45491F622FEAB97EA1895A2AF7ECBBA4] - 19/02/2014 - 01:12:37 ---A- - C:\Windows\Prefetch\LBP6200D_R151_V110_W32_UK_EN_-BDA6ED50.pf
O45 - LFCP:[MD5.36473FAB4EB7CEF6F4300E2B68DD8BB9] - 19/02/2014 - 01:14:24 ---A- - C:\Windows\Prefetch\AUTOSHUTDOWNTOOL_V41100003_WI-17E5BC52.pf
O45 - LFCP:[MD5.AFE8F651E00A977CFCBAF5E13B1603A8] - 19/02/2014 - 01:42:10 ---A- - C:\Windows\Prefetch\WLXPGSS.SCR-49D3EC0A.pf
O45 - LFCP:[MD5.35159F0A6B5940918C7731A7BB4863B3] - 19/02/2014 - 23:31:54 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-869E0283.pf =>PUP.Wajam
O45 - LFCP:[MD5.48116F1A134663A54B7A4F2B619E79BF] - 19/02/2014 - 23:32:51 ---A- - C:\Windows\Prefetch\746381~1.EXE-072D57E8.pf
O45 - LFCP:[MD5.C009C18B174948AD00A217BA073C821F] - 19/02/2014 - 23:32:51 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-9836EEE8.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.8F85B6EF1231934FD229AD2F0875CC20] - 19/02/2014 - 23:34:20 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-E0D7897A.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.A572F2FF8E8899149CE4AB77A742FADF] - 19/02/2014 - 23:35:13 ---A- - C:\Windows\Prefetch\UPDATEFINDRIGHT.EXE-86056448.pf =>Hijacker.FindrToolbar
O45 - LFCP:[MD5.97D015D6199F5E474EEC3126C53BE5D9] - 19/02/2014 - 23:35:19 ---A- - C:\Windows\Prefetch\FINDRIGHT.FIRSTRUN.EXE-290AD520.pf =>Hijacker.FindrToolbar
O45 - LFCP:[MD5.3582DE0E5204CC549FF0CC12593F4168] - 20/02/2014 - 01:54:27 ---A- - C:\Windows\Prefetch\UNINSTALL3257150.EXE-8CCA1FD4.pf
O45 - LFCP:[MD5.A9466E9ABA04285F73500FC302B503B3] - 20/02/2014 - 01:55:10 ---A- - C:\Windows\Prefetch\GAME.DAT-99D9B6CB.pf
O45 - LFCP:[MD5.61486CDC988B101769CAB57EB2DCE379] - 20/02/2014 - 01:55:12 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-7984D480.pf
O45 - LFCP:[MD5.A1BAE033BB7C6932EE253D4FF0476E73] - 20/02/2014 - 01:55:13 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-4FFBD3A1.pf
O45 - LFCP:[MD5.1246F2CDB2507C86F01B19851FF88137] - 20/02/2014 - 01:55:14 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-A0B5A03B.pf
O45 - LFCP:[MD5.6F270F8AD1B1753D66064492C3F40F8C] - 20/02/2014 - 01:55:18 ---A- - C:\Windows\Prefetch\GAME.DAT-5B81F525.pf
O45 - LFCP:[MD5.704A43775203FD71278D9CE444E20530] - 20/02/2014 - 01:55:20 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-7FC4F73A.pf
O45 - LFCP:[MD5.0EA624C3BAB68D802AE2AEC038351B97] - 20/02/2014 - 01:55:22 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-016D910B.pf
O45 - LFCP:[MD5.2A00A81A9EBA7E1BF7C46DA406D2E05E] - 20/02/2014 - 01:55:23 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-3DA5A445.pf
O45 - LFCP:[MD5.F6F6C2C8AAA574991C2516FC5CF2D70E] - 20/02/2014 - 01:55:26 ---A- - C:\Windows\Prefetch\GAME.DAT-95EAA8F5.pf
O45 - LFCP:[MD5.35F0FBA7817999149E493E8E471CA17A] - 20/02/2014 - 01:55:27 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-51D9BE0A.pf
O45 - LFCP:[MD5.A29DAAF2E83CC29A147AD0431D113BDD] - 20/02/2014 - 01:55:28 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-7CC2E55B.pf
O45 - LFCP:[MD5.C06800050B4C96B2AEF301A386CF974F] - 20/02/2014 - 01:55:29 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-EC7BBD95.pf
O45 - LFCP:[MD5.D4B908EC3AEE9F6324EC8DAD1BB8CBC4] - 20/02/2014 - 01:55:32 ---A- - C:\Windows\Prefetch\GAME.DAT-97DB397C.pf
O45 - LFCP:[MD5.FB99B48292E22A47BA5B20A5C37B1EE5] - 20/02/2014 - 01:55:33 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-C9E5F521.pf
O45 - LFCP:[MD5.3FF92BFDB99B6D72F33296C45631C82E] - 20/02/2014 - 01:55:34 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-73192C7A.pf
O45 - LFCP:[MD5.F54460FB04187825B570C4E5416EA5B3] - 20/02/2014 - 01:55:36 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-86921EA4.pf
O45 - LFCP:[MD5.288C7491E2B3276E1CF73A04ECC5D7F7] - 20/02/2014 - 01:55:39 ---A- - C:\Windows\Prefetch\GAME.DAT-140CA674.pf
O45 - LFCP:[MD5.0AE20F370D549A610C17AD869AF72BD2] - 20/02/2014 - 01:55:41 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-F840CA99.pf
O45 - LFCP:[MD5.7A351DC7AFC41F86C7BD9ACE690F5DBD] - 20/02/2014 - 01:55:42 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-69068C32.pf
O45 - LFCP:[MD5.A3145474D4FC1A444BA37A465A20377B] - 20/02/2014 - 01:55:43 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-46C4B9DC.pf
O45 - LFCP:[MD5.335F2FC209EF189032B9260A40EC4558] - 20/02/2014 - 01:55:46 ---A- - C:\Windows\Prefetch\GAME.DAT-5E31323F.pf
O45 - LFCP:[MD5.13F62F418D699DB9632DE228A94874DF] - 20/02/2014 - 01:55:48 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-C1DCECB4.pf
O45 - LFCP:[MD5.89EAA1A5EB553500196D9CDE0032968E] - 20/02/2014 - 01:55:49 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-52DEFB35.pf
O45 - LFCP:[MD5.A422644A237B13116C026E27FDF022A2] - 20/02/2014 - 01:55:50 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-CB32210F.pf
O45 - LFCP:[MD5.FF1C6926014C016EA378DE72AB0CF1D4] - 20/02/2014 - 01:55:53 ---A- - C:\Windows\Prefetch\GAME.DAT-6E3D9CE4.pf
O45 - LFCP:[MD5.1D78B3FC72A87EE4D6FF9B36B54CCA4A] - 20/02/2014 - 01:55:54 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-E6EB4A09.pf
O45 - LFCP:[MD5.EE894969120C5D15F67F59A48694BB42] - 20/02/2014 - 01:55:55 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-D1431C22.pf
O45 - LFCP:[MD5.80862E377B67CA38D69F9FDC8DE05509] - 20/02/2014 - 01:55:56 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-54D4C8CC.pf
O45 - LFCP:[MD5.EFBA8453B1604B11E979C297DC28AE63] - 20/02/2014 - 01:56:00 ---A- - C:\Windows\Prefetch\GAME.DAT-7DB2A8FE.pf
O45 - LFCP:[MD5.933FFC405FB840C5248A2EBC7F315950] - 20/02/2014 - 01:56:02 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-46231E83.pf
O45 - LFCP:[MD5.03F2846B36BF05C8E018EBE431982841] - 20/02/2014 - 01:56:03 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-5C382D4C.pf
O45 - LFCP:[MD5.D387B5DCF6F7437F0CEC98FF926C6C37] - 20/02/2014 - 01:56:05 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-16875C96.pf
O45 - LFCP:[MD5.C8ACE5E50FB2A2A85402DDB061E66C0C] - 20/02/2014 - 01:56:09 ---A- - C:\Windows\Prefetch\GAME.DAT-91119802.pf
O45 - LFCP:[MD5.956BC8EAA37D8E6615F76ADB850A8202] - 20/02/2014 - 01:56:10 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-04DC8147.pf
O45 - LFCP:[MD5.281AF9C5939EBF26A16DADBCFEC8E1D3] - 20/02/2014 - 01:56:11 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-DCD0BEF0.pf
O45 - LFCP:[MD5.50709E19AE1B5F84E386570476D7C6B1] - 20/02/2014 - 01:56:12 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-DBF5687A.pf
O45 - LFCP:[MD5.A38557AB657362A8EBDEDEBF37D2D287] - 20/02/2014 - 01:56:16 ---A- - C:\Windows\Prefetch\GAME.DAT-72454CC7.pf
O45 - LFCP:[MD5.A1FE955A69E8689BBF92398E327B256E] - 20/02/2014 - 01:56:17 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-7F6AA6BC.pf
O45 - LFCP:[MD5.D52B45D1AA523661CD197217FFD53712] - 20/02/2014 - 01:56:18 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-738F0EFD.pf
O45 - LFCP:[MD5.F9667604BA08D32B91F8670C0EF2B61D] - 20/02/2014 - 01:56:20 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-9BA83157.pf
O45 - LFCP:[MD5.3E5C6FDC198E1EEEAD0250A7C3BBA82C] - 20/02/2014 - 01:56:23 ---A- - C:\Windows\Prefetch\GAME.DAT-115D29C5.pf
O45 - LFCP:[MD5.35415959FF8F350A16D52BB5DCD46BDE] - 20/02/2014 - 01:56:24 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-9BE081DA.pf
O45 - LFCP:[MD5.FC6F8288A9AF998A7B7DD714F1D395F4] - 20/02/2014 - 01:56:25 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-1B1A8EAB.pf
O45 - LFCP:[MD5.AB0DB4BF9A585089645C32849A1AAA53] - 20/02/2014 - 01:56:26 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-BEB17BE5.pf
O45 - LFCP:[MD5.6CA86393DE11B3E96932E4FBD399972A] - 20/02/2014 - 01:56:30 ---A- - C:\Windows\Prefetch\GAME.DAT-DF91F6B8.pf
O45 - LFCP:[MD5.A45DBB3132848CD8295322D787C6E658] - 20/02/2014 - 01:56:32 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-7FD9BA9D.pf
O45 - LFCP:[MD5.C80DD5CDCAF6AFEA0F0171F463159B18] - 20/02/2014 - 01:56:34 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-F553D116.pf
O45 - LFCP:[MD5.7822E6DFBBB9084C9DA380D5763E89E1] - 20/02/2014 - 01:56:35 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-2390AD00.pf
O45 - LFCP:[MD5.1E63B4327AAA1B893821EA8E1F28E3A9] - 20/02/2014 - 01:56:38 ---A- - C:\Windows\Prefetch\GAME.DAT-D1E21ABB.pf
O45 - LFCP:[MD5.6E1612010E2F5207E0A0974AAFDD8050] - 20/02/2014 - 01:56:40 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-23016970.pf
O45 - LFCP:[MD5.CF20DA3E4C81D32DD42D896AE44536F5] - 20/02/2014 - 01:56:41 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-3012AD11.pf
O45 - LFCP:[MD5.3E3C5FD4B4F62226376AEA6BFD0AD004] - 20/02/2014 - 01:56:42 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-180890AB.pf
O45 - LFCP:[MD5.03B8CA5344DC6646D64558BE0B4753C1] - 20/02/2014 - 01:56:45 ---A- - C:\Windows\Prefetch\GAME.DAT-622D2E35.pf
O45 - LFCP:[MD5.3DE10C161401D640C4F84785A8E9926B] - 20/02/2014 - 01:56:46 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-AE972F4A.pf
O45 - LFCP:[MD5.24265246F92AD62BD2A68002BCA3931A] - 20/02/2014 - 01:56:48 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-FC135C9B.pf
O45 - LFCP:[MD5.AA7DDCCF2DA8449D53E97BAA20D30A74] - 20/02/2014 - 01:56:49 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-5891A8D5.pf
O45 - LFCP:[MD5.A86E92626915466ACA3F221B1B6CA9B5] - 20/02/2014 - 01:56:53 ---A- - C:\Windows\Prefetch\GAME.DAT-F18BBD2D.pf
O45 - LFCP:[MD5.E66F746EFB79E31FA4CD136F11B4F077] - 20/02/2014 - 01:56:54 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-6E9F06C2.pf
O45 - LFCP:[MD5.EE8BA025E85D7CFC627F43AF3AEFCC4E] - 20/02/2014 - 01:56:56 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-BA702E53.pf
O45 - LFCP:[MD5.93B9310A2C2FB46518AA967392CD19E5] - 20/02/2014 - 01:56:57 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-B55AD60D.pf
O45 - LFCP:[MD5.E6D09863686456EB8565FFC413077A41] - 20/02/2014 - 01:57:00 ---A- - C:\Windows\Prefetch\GAME.DAT-82B00A08.pf
O45 - LFCP:[MD5.23CFD44251605CEDAEB3EA1BE2739887] - 20/02/2014 - 01:57:01 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-076168ED.pf
O45 - LFCP:[MD5.01EB0AF18AAEB793B1C40856DC45BE5D] - 20/02/2014 - 01:57:01 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-D54C30E6.pf
O45 - LFCP:[MD5.3583D8CE8CA1669899AC0427F82C0AE6] - 20/02/2014 - 01:57:03 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-25AE89D0.pf
O45 - LFCP:[MD5.65D35761F722BBAFE5B09BDAFFBB1B6E] - 20/02/2014 - 01:57:06 ---A- - C:\Windows\Prefetch\GAME.DAT-6E2E91ED.pf
O45 - LFCP:[MD5.61408EA774EF9F4C474BFC9C5F634815] - 20/02/2014 - 01:57:07 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-B73B4F82.pf
O45 - LFCP:[MD5.17AA9DA378A868D02D94F5E1E405046E] - 20/02/2014 - 01:57:09 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-D91C2113.pf
O45 - LFCP:[MD5.D735563C9D39B5271B5D935D87C62209] - 20/02/2014 - 01:57:09 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-D177F4CD.pf
O45 - LFCP:[MD5.16F8BC0A8A9301445B536654A1FDF796] - 20/02/2014 - 01:57:12 ---A- - C:\Windows\Prefetch\GAME.DAT-57E901EA.pf
O45 - LFCP:[MD5.FFA557068319237301155D4CE2562773] - 20/02/2014 - 01:57:13 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-B1E8F4AF.pf
O45 - LFCP:[MD5.0E4DB06E1B00745F4BA5B8CDC3D9EC37] - 20/02/2014 - 01:57:14 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-6840F918.pf
O45 - LFCP:[MD5.E759614074C99D035A5B718E6C6CC40D] - 20/02/2014 - 01:57:15 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-36FF0522.pf
O45 - LFCP:[MD5.8C37C95C3B77FDA6C00D26FA36A5C823] - 20/02/2014 - 01:57:18 ---A- - C:\Windows\Prefetch\GAME.DAT-E61BDEC7.pf
O45 - LFCP:[MD5.CBF0CA43809D38FE28D79AFC20E55B3A] - 20/02/2014 - 01:57:20 ---A- - C:\Windows\Prefetch\LAUNCH.DAT-EB1A18BC.pf
O45 - LFCP:[MD5.C533982C960E5C3019823B95BE94B88E] - 20/02/2014 - 01:57:20 ---A- - C:\Windows\Prefetch\TOUCHPOINTS.DAT-6BB970FD.pf
O45 - LFCP:[MD5.D35D259233799C02E8D0B2F161F6098E] - 20/02/2014 - 01:57:22 ---A- - C:\Windows\Prefetch\UNINSTALL.DAT-3628B357.pf
O45 - LFCP:[MD5.20193CD6840B5867053E1856DEAF8949] - 21/02/2014 - 01:42:52 ---A- - C:\Windows\Prefetch\GOOGLE%20EARTH.EXE-74BBCB6F.pf
O45 - LFCP:[MD5.AF13C0C35380150EB677647228F81C19] - 21/02/2014 - 01:42:53 ---A- - C:\Windows\Prefetch\INS1485.EXE-24A4C73C.pf
O45 - LFCP:[MD5.7275A313E25BEDF881AB61CDC37EA408] - 21/02/2014 - 01:43:30 ---A- - C:\Windows\Prefetch\MELONDREA_0702-81CFB2EF.EXE-86B792E1.pf
O45 - LFCP:[MD5.EE77A7279D302C887A0B41ADA2B29766] - 21/02/2014 - 01:43:49 ---A- - C:\Windows\Prefetch\LOLLIPOP_ANTIVIRUS_1302-27BC6-76EA3B0F.pf =>Adware.Lollipop
O45 - LFCP:[MD5.C2CD070A3EE8C2B70E7857BD78D3B6ED] - 21/02/2014 - 01:43:55 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-499C0324.pf =>Adware.Lollipop
O45 - LFCP:[MD5.EE8B3274B924A60C4D66CB25674C3423] - 21/02/2014 - 01:43:55 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-E69E0788.pf
O45 - LFCP:[MD5.B05FF391EC17A45C681132FB738AC0A1] - 21/02/2014 - 01:44:35 ---A- - C:\Windows\Prefetch\UPDATEMELONDREA.EXE-E0D94AC8.pf
O45 - LFCP:[MD5.110A7BE431D6972D86DF59E4BAE8A03F] - 21/02/2014 - 01:44:41 ---A- - C:\Windows\Prefetch\MELONDREA.FIRSTRUN.EXE-F591D3A0.pf
O45 - LFCP:[MD5.591F960A3CBBB5386DD74063057A7119] - 21/02/2014 - 01:47:38 ---A- - C:\Windows\Prefetch\33.0.1750.117_CHROME_INSTALLE-12A4E656.pf
O45 - LFCP:[MD5.4BD14E8E407DAED97FA583E3A005547C] - 21/02/2014 - 01:50:50 ---A- - C:\Windows\Prefetch\33.0.1750.117_CHROME_INSTALLE-BEEFFA8A.pf
O45 - LFCP:[MD5.201B468AD3046C8AFB43B21F4E77B041] - 22/02/2014 - 00:46:38 ---A- - C:\Windows\Prefetch\9D18DBE3-7B2D-41D3-909C-58BA4-E18EC60F.pf
O45 - LFCP:[MD5.121D192A3C8FB410461A5D875CFE5EC8] - 22/02/2014 - 01:00:44 ---A- - C:\Windows\Prefetch\IEFLASHUPDATEPREP.EXE-B16186A0.pf
O45 - LFCP:[MD5.4A59B6A126AD7A066025E943398F23C8] - 24/02/2014 - 20:29:23 ---A- - C:\Windows\Prefetch\DETECT_AFTERUPGRADINGTOWIN81.-B0F15E16.pf
O45 - LFCP:[MD5.108D6591C9DEF706BA1B287382D0AC11] - 24/02/2014 - 20:29:23 ---A- - C:\Windows\Prefetch\DETECT_BACKUPPASSWORDREMINDER-5E4DB668.pf
O45 - LFCP:[MD5.E753DC7BC8D00E2FA15D151BB0EE38E5] - 24/02/2014 - 20:29:23 ---A- - C:\Windows\Prefetch\DETECT_HPCONNECTEDPHOTO.EXE-F3314DF6.pf
O45 - LFCP:[MD5.B484E01BD28F196C8A6D4C6C89B90F67] - 24/02/2014 - 20:29:23 ---A- - C:\Windows\Prefetch\DETECT_RECOVERYDISC_DARWIN_EM-EA362A46.pf
O45 - LFCP:[MD5.09ADE4D058F31D50A7A5A0718B747840] - 24/02/2014 - 21:00:50 ---A- - C:\Windows\Prefetch\CLMSHARDWARETRANSCODE.EXE-D85821E5.pf
O45 - LFCP:[MD5.3F001ECDB938E91B7D71D0DC93814039] - 24/02/2014 - 23:07:29 ---A- - C:\Windows\Prefetch\HPDEVICEDETECTION3.EXE-7BB32E65.pf
O45 - LFCP:[MD5.DA54E74BE1EC91B403B0ADD608049F4E] - 25/02/2014 - 20:26:29 ---A- - C:\Windows\Prefetch\1E54469E-366A-4745-905A-37AFD-863442EE.pf
O45 - LFCP:[MD5.6D647235A268900F4B06E6562AE45B23] - 26/02/2014 - 23:12:13 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.0141FE71BAA3F3CAE842ED0785BEEC23] - 27/02/2014 - 02:18:38 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-A309F880.pf
O45 - LFCP:[MD5.6CD5E3A58EB9C82103669AE70373C83D] - 27/02/2014 - 18:58:02 ---A- - C:\Windows\Prefetch\PfPre_b2e8fffd.db
O45 - LFCP:[MD5.62AED7FBC0A2D5B744A5DA9F58C68877] - 27/02/2014 - 19:00:51 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
O45 - LFCP:[MD5.A6EF7A1E3E7DCC08BEEFE6332941324A] - 27/02/2014 - 19:00:54 ---A- - C:\Windows\Prefetch\ACCELEROMETERST.EXE-9AE5C81D.pf
O45 - LFCP:[MD5.24D940FC2A5701B4CB8D52C0FA807780] - 27/02/2014 - 19:01:45 ---A- - C:\Windows\Prefetch\YOUCAM_WEBCAM_CAMERA_VIDEO.EX-51E3F77E.pf
O45 - LFCP:[MD5.58B77311DDBCE42A51DBDEE49F12C603] - 27/02/2014 - 19:08:05 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
~ Prefetcher: 469 Legitimates Filtered in 00mn 07s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 02/02/2014 - 20:51:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 02/02/2014 - 20:51:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 24/02/2014 - 19:26:27 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 24/02/2014 - 19:26:27 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPDiag.txt [42142] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 19:26:27 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\Log.txt [36265] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 19:26:27 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\TestsZHPDiag.txt [2879] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 19:26:28 ---A- . (...) -- C:\Users\quitale\Downloads\adwcleaner.exe [1244192]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 40 Legitimates Filtered in 00mn 13s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {7C2C1785-7B87-4E41-9A46-D5EDDF58034A} - (Propositions de recherche Amazon.fr) - https://www.amazon.fr/
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{9C9124AB-448F-41CD-BAE9-37C149563943}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{C1632535-910F-462D-B0C0-0F05831F044F}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 253 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 16/04/2013 103424 | (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 16/04/2013 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 02/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2013 77576 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 26/06/2013 294664 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SR - | Auto 07/06/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 07/06/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 01/03/2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 03/05/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 19/06/2013 246488 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 14s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by quitale at 27/02/2014 19:28:01
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by quitale at 27/02/2014 19:28:03

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (23/02/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_84 =>PUA.FSTfr9^
~ Additionnel Scan: 238692 Items scanned in 00mn 55s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/33083759-hijacker-findrtoolbar =>Hijacker.FindrToolbar
~ MSI: 5 link(s) detected in 00mn 56s



~ 1463 Legitimates filtered by white list
End of the scan (523 lines in 05mn 46s)(0)




5 replies

Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
27 Feb. 2014 at 19:44
Good evening,
1/
You have already run ADWCleaner; can you post the report?
It is located here: C:\AdwCleaner\AdwCleaner[x].txt

2/
--> Copy all of the text shown in bold below (select it, right-click on it and choose "Copy").



Script ZHPFix
EmptyPrefetch
ShortcutFix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_84] Clé orpheline =>PUA.FSTfr9
[MD5.00000000000000000000000000000000] [APT] [{B3F23F36-02B8-498D-A72E-58A79CC49341}] (...) -- c:\users\quitale\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
O45 - LFCP:[MD5.B4BAC7379651D6DFC524F16BEB8E6D3A] - 12/02/2014 - 02:23:48 ---A- - C:\Windows\Prefetch\FST_FR_0702-FE48FD23.TMP-B1E02EBD.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.35159F0A6B5940918C7731A7BB4863B3] - 19/02/2014 - 23:31:54 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-869E0283.pf =>PUP.Wajam
O45 - LFCP:[MD5.C009C18B174948AD00A217BA073C821F] - 19/02/2014 - 23:32:51 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-9836EEE8.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.8F85B6EF1231934FD229AD2F0875CC20] - 19/02/2014 - 23:34:20 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-E0D7897A.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.A572F2FF8E8899149CE4AB77A742FADF] - 19/02/2014 - 23:35:13 ---A- - C:\Windows\Prefetch\UPDATEFINDRIGHT.EXE-86056448.pf =>Hijacker.FindrToolbar
O45 - LFCP:[MD5.97D015D6199F5E474EEC3126C53BE5D9] - 19/02/2014 - 23:35:19 ---A- - C:\Windows\Prefetch\FINDRIGHT.FIRSTRUN.EXE-290AD520.pf =>Hijacker.FindrToolbar
O45 - LFCP:[MD5.EE77A7279D302C887A0B41ADA2B29766] - 21/02/2014 - 01:43:49 ---A- - C:\Windows\Prefetch\LOLLIPOP_ANTIVIRUS_1302-27BC6-76EA3B0F.pf =>Adware.Lollipop
O45 - LFCP:[MD5.C2CD070A3EE8C2B70E7857BD78D3B6ED] - 21/02/2014 - 01:43:55 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-499C0324.pf =>Adware.Lollipop
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_84 =>PUA.FSTfr9^
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline => Toolbar.Norton
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay

EmptyCLSID
EmptyFlash
EmptyTemp


=> Then launch ZHPFix from the shortcut on your Desktop.
(On Vista/Win7/Win8, you have to right-click the ZHPFix shortcut and choose Run as administrator)
=> Once ZHPFix is open, click "Import", then "OK", then paste the text into the window, click GO at the bottom of the page and confirm with Yes to start cleaning the data

=> Let the tool work and don't touch anything ...
=> If you are asked to restart the PC to finish the cleanup, do it!


Once it has finished, a new report is displayed: post its contents in your next reply ...
This report is copied to the desktop

(this report is also saved in the folder C:/ZHP/ZHPDIAG)

===================================
Help: http://helper-formation.fr/entraide/viewtopic.php?f=31&t=2333


quitale Posts 6 Registration date Saturday 4 October 2008 Status Member Last activity 1 March 2014
27 Feb. 2014 at 20:06
Here is the AdwCleaner report, which I ran again before the ZHPFix

# AdwCleaner v3.020 - Rapport créé le 27/02/2014 à 19:54:31
# Mis à jour le 27/02/2014 par Xplode
# Système d'exploitation : Windows 8.1 (64 bits)
# Nom d'utilisateur : quitale - MOI
# Exécuté depuis : C:\Users\quitale\Desktop\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Users\quitale\AppData\Roaming\Mozilla\Firefox\Profiles\bbi3377m.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9012 octets] - [19/02/2014 02:44:07]
AdwCleaner[R1].txt - [7020 octets] - [20/02/2014 00:10:24]
AdwCleaner[R2].txt - [1934 octets] - [21/02/2014 01:57:03]
AdwCleaner[R3].txt - [1230 octets] - [21/02/2014 02:09:11]
AdwCleaner[R4].txt - [1348 octets] - [22/02/2014 02:32:57]
AdwCleaner[R5].txt - [1385 octets] - [25/02/2014 02:55:46]
AdwCleaner[R6].txt - [1591 octets] - [27/02/2014 18:56:30]
AdwCleaner[R7].txt - [1626 octets] - [27/02/2014 19:53:25]
AdwCleaner[S0].txt - [8859 octets] - [19/02/2014 02:47:16]
AdwCleaner[S1].txt - [6211 octets] - [20/02/2014 00:12:05]
AdwCleaner[S2].txt - [1961 octets] - [21/02/2014 02:00:13]
AdwCleaner[S3].txt - [1293 octets] - [21/02/2014 02:40:24]
AdwCleaner[S4].txt - [1411 octets] - [22/02/2014 02:34:37]
AdwCleaner[S5].txt - [1447 octets] - [25/02/2014 02:57:04]
AdwCleaner[S6].txt - [1653 octets] - [27/02/2014 18:57:52]
AdwCleaner[S7].txt - [1547 octets] - [27/02/2014 19:54:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1607 octets] ##########
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
27 Feb. 2014 at 20:39
The ZHPFix procedure is not tied to the ADWCleaner one! :-)
Please redo the (ZHPFix) procedure explained here in 2/: https://forums.commentcamarche.net/forum/affich-29786830-pc-neuf-mais-tres-tres-lent#1
quitale Posts 6 Registration date Saturday 4 October 2008 Status Member Last activity 1 March 2014
27 Feb. 2014 at 20:52
The ZHPFix procedure has been redone.
Report:

Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by quitale at 27/02/2014 20:50:28
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Corbeille vidée (00mn 03s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Eléments de donnée du Registre ==========
REMPLACÉ Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
SUPPRIMÉS Flash Cookies (0)
SUPPRIMÉS Temporaires Windows (0)

========== Fichiers ==========
SUPPRIMÉS Flash Cookies (0) (0 octets)
SUPPRIMÉS Temporaires Windows (0) (0 octets)


========== Récapitulatif ==========
1 : Eléments de donnée du Registre
3 : Dossiers
2 : Fichiers


End of clean in 00mn 12s

========== Chemin de fichier rapport ==========
C:\Users\quitale\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/02/2014 20:03:23 [1952]
C:\Users\quitale\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/02/2014 20:50:32 [977]
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
28 Feb. 2014 at 20:14
Good evening,
1/
Launch Malwarebytes, update it, choose a full scan, delete everything it finds, then post the report please

2/
Launch ZHPDiag from the desktop, run the scan and upload the report to a hosting site. Paste the link in your next reply

Have a good evening
quitale Posts 6 Registration date Saturday 4 October 2008 Status Member Last activity 1 March 2014
1 March 2014 at 02:18
Good evening,
Malwarebytes report:

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.02.28.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
quitale :: MOI [administrateur]

Protection: Activé

01/03/2014 00:42:33
mbam-log-2014-03-01 (00-42-33).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 369547
Temps écoulé: 1 heure(s), 5 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\quitale\Downloads\Google%20Earth.exe (PUP.Optional.Solimba) -> Mis en quarantaine et supprimé avec succès.

(fin)

ZHPDiag report:
~ Rapport de ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Lancé par quitale (01/03/2014 02:10:39)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : JHRD6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3546 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 410 GB (92%) free of 443 GB

---\\ Mode de connexion au système
~ Computer Name: MOI
~ User Name: quitale
~ All Users Names: quitale, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\quitale\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\quitale\AppData\Roaming\
~ %Desktop% : C:\Users\quitale\Desktop\
~ %Favorites% : C:\Users\quitale\Favorites\
~ %LocalAppData% : C:\Users\quitale\AppData\Local\
~ %StartMenu% : C:\Users\quitale\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 410 Go of 443 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 22 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/466
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/34
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2868]
[MD5.F5D595BBAC654CD391E824043F7FEDFB] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.1356]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.3820]
[MD5.A4C34F9AAE33EC99D8ED5299F856C9D8] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.4548]
[MD5.3B328976E4DEDE1B87B246D16DBDFFF9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.3352]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.4296]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3292]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4596]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\quitale\AppData\Roaming\Mozilla\Firefox\Profiles\bbi3377m.default\prefs.js
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: AMD Start Now Technology.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CLI.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [quitale]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [quitale]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [quitale]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 37 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BCFDD84-50B5-4CE5-8FC5-FAE9458E2D6D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8407975-BC4E-416D-AD34-73D7BC84DB42}: DhcpNameServer = 20.20.1.1 20.20.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{8BCFDD84-50B5-4CE5-8FC5-FAE9458E2D6D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B8407975-BC4E-416D-AD34-73D7BC84DB42}: DhcpNameServer = 20.20.1.1 20.20.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
~ Services: 14 Legitimates Filtered in 01mn 13s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 09s



---\\ Logiciels installés (O42)
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/07/2013 - 22:16:29 - [41,208] ----D C:\ProgramData\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8}
O43 - CFD: 02/02/2014 - 17:30:31 - [1,063] ----D C:\Users\quitale\AppData\Roaming\0V1L2Z2Z1T1I1L1T
~ Program Folder: 123 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 15/02/2014 - 01:47:12 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
~ Files: 52 Legitimates Filtered in 00mn 34s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.2E84F1DF3227ADB532A0B9A9780D31A3] - 01/03/2014 - 00:48:17 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.60C1475960AC06C512332AA645220CAE] - 01/03/2014 - 01:46:52 ---A- - C:\Windows\Prefetch\ACCELEROMETERST.EXE-9AE5C81D.pf
O45 - LFCP:[MD5.64AF7B435FD6EEB22657C20A2D771881] - 01/03/2014 - 02:01:18 ---A- - C:\Windows\Prefetch\PfPre_b2e8fffd.db
O45 - LFCP:[MD5.E8F5D9B7B293EF59E79D2BE4A220BB91] - 01/03/2014 - 02:04:15 ---A- - C:\Windows\Prefetch\YOUCAM_WEBCAM_CAMERA_VIDEO.EX-51E3F77E.pf
O45 - LFCP:[MD5.59375A39593AB7D544A195C0E86EF827] - 27/02/2014 - 22:09:39 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.C9566F260421EF71E5F011BE69C3D197] - 28/02/2014 - 18:35:56 ---A- - C:\Windows\Prefetch\6CA1A1A8-868F-4D6E-868B-72ACD-267D9E8A.pf
O45 - LFCP:[MD5.4F2CDAC1186111E6A6154437F46D6D5C] - 28/02/2014 - 18:38:02 ---A- - C:\Windows\Prefetch\GLCND.EXE-02A191A6.pf
O45 - LFCP:[MD5.0C698C40504D6E23F20809074ED5C2EF] - 28/02/2014 - 21:24:29 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.81D7A4F259B6B140E9537AABF831D996] - 28/02/2014 - 23:56:53 ---A- - C:\Windows\Prefetch\CLMSHARDWARETRANSCODE.EXE-D85821E5.pf
O45 - LFCP:[MD5.408C2FF0FF020865455C688BEBA52E0C] - 28/02/2014 - 23:56:53 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-A309F880.pf
O45 - LFCP:[MD5.BD238C4F97555E2D0DB30B1158A602DE] - 28/02/2014 - 23:56:53 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
~ Prefetcher: 136 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 02/02/2014 - 20:51:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 02/02/2014 - 20:51:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 17 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/03/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\Log.txt [55982] =>.Nicolas Coolman
O61 - LFC: 01/03/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\TestsZHPDiag.txt [2879] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPDiag.txt [42286] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPExportRegistry-27-02-2014-20-03-23.txt [8366] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [1110] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPFix[R1].txt [1952] =>.Nicolas Coolman
O61 - LFC: 27/02/2014 - 02:13:37 ---A- . (...) -- C:\Users\quitale\AppData\Roaming\ZHP\ZHPFix[R2].txt [1058] =>.Nicolas Coolman
~ 1 Fichiers temporaires (Temporary files)
~ Files: 32 Legitimates Filtered in 00mn 11s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {7C2C1785-7B87-4E41-9A46-D5EDDF58034A} - (Propositions de recherche Amazon.fr) - https://www.amazon.fr/
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{9C9124AB-448F-41CD-BAE9-37C149563943}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{C1632535-910F-462D-B0C0-0F05831F044F}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 253 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 16/04/2013 103424 | (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 16/04/2013 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 02/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/06/2013 77576 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 26/06/2013 294664 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SR - | Auto 07/06/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 07/06/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 01/03/2013 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 03/05/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 19/06/2013 246488 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by quitale at 01/03/2014 02:14:45
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by quitale at 01/03/2014 02:14:48

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (23/02/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 238657 Items scanned in 00mn 50s



~ 1083 Legitimates filtered by white list
End of the scan (379 lines in 05mn 00s)(0)



But I have a new problem: I tried to open cjoint.com and got a black screen that said: "je t'es kill hacked deface by hacker FL0w". Do I have a new problem?
Thanks
Fish66 - Posts: 17505 - Joined: Sunday 24 July 2011 - Status: Security contributor - Last activity: 16 June 2021
1 March 2014 at 09:49
Hello,
Nothing abnormal in the report! :-)
Keep me posted if you still have problems...