~ Rapport de ZHPDiag v2013.8.29.381 - Nicolas Coolman (29/08/2013) ~ Lancé par plom (02/01/2002 08:27:24) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Traduit par Nicolas Coolman ~ Etat de la version : Version à jour. ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16660 MFIE: Mozilla Firefox 23.0.1 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : PV9HW Windows License : OK ~ Windows Remaining Initializations Number : 1 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Java 7 Update 25 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 12287 MB (83% free) System Restore: Désactivé (Disabled) System drive C: has 436 GB (93%) free of 466 GB ---\\ Mode de connexion au système ~ Computer Name: PLOM-PC ~ User Name: plom ~ All Users Names: UpdatusUser, plom, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppData% : C:\Users\plom\AppData\Roaming\ ~ %Desktop% : C:\Users\plom\Desktop\ ~ %Favorites% : C:\Users\plom\Favorites\ ~ %LocalAppData% : C:\Users\plom\AppData\Local\ ~ %StartMenu% : C:\Users\plom\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ 
%Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 436 Go of 466 Go) D:\ Floppy drive, Flash card reader, USB Key (Not Inserted) E:\ CD-ROM drive (Not Inserted) F:\ CD-ROM drive (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 34 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.24/02/2011 - 22:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.13/07/2009 - 17:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.27/08/2013 - 18:53:26.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 19:24:29.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 19:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/12/2011 - 19:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) 
(.13/07/2009 - 17:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 15:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 19:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 15:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 16:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 18:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 19:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 06:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 16:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 19:24:33.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 19:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 16:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 19:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/4 ~ Mes musiques (My Musics) : 1/175 ~ Mes Videos (My Videos) : 1/57 ~ Mes Favoris (My Favorites) : 1/4 ~ Mes Documents (My Documents) : 2/181 ~ Mon Bureau (My Desktop) : 1/60 ~ Menu demarrer (Programs) : 1/31 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés au démarrage du système [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1568] [MD5.6B412FCE75E2B1462C71D17B6E5C1484] - (.NVIDIA Corporation - NVIDIA Update COM object.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe [1209120] [PID.2600] [MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.2992] [MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.1852] [MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.2632] [MD5.F6ABD8C137A4FBAF0ECC2C5A15B27415] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478] [PID.632] [MD5.27502022B75551385957D223DD9CB72B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7842304] [PID.4452] [MD5.F2A11A54C884C620A93B4AF7DBB4618D] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.736] [MD5.5CE3D0E1D1B3832EE052CFC442EEE0FA] - (.Creative Technology Ltd - Creative Audio Service.) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720] [PID.496] [MD5.EEEF9BD99A298BB88D985AAA47AE3222] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [854016] [PID.1528] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1980] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1288] [MD5.056EF5C4AF4BD002AEAE417412C8EB71] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1889568] [PID.2108] [MD5.777788D9B63CCEEEF2DB353BA4EDD454] - (.Intel Corporation - IAStorDataSvc.) 
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14904] [PID.1452] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\plom\AppData\Roaming\Mozilla\Firefox\Profiles\pwlvpzad.default\prefs.js ~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1 ~ IE Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . 
(.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-1816816941-285739573-1723929529-1003\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-1816816941-285739573-1723929529-1003\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SendTo: Bluetooth.lnk - Clé orpheline O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) 
-- C:\Windows\System32\fsquirt.exe O4 - GS\Desktop: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe O4 - GS\Desktop: Kplan.lnk . (.METAGENIA - Kplan : Gestion d'informations.) -- C:\Program Files (x86)\metagenia\kplan\KPlan.exe O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe O4 - GS\Desktop: RT 7 Lite (64-Bit).lnk . (...) -- C:\Program Files (x86)\Rockers Team\RT 7 Lite x64\RTWin7Lite.exe (.not file.) O4 - GS\Desktop: Sniper_x86.exe - Raccourci.lnk . (...) -- C:\Program Files (x86)\CI Games\Sniper Ghost Warrior - Gold Edition\Sniper_x86.exe (.not file.) O4 - GS\Desktop: steam_api.dll - Raccourci.lnk . (...) -- C:\Program Files (x86)\CI Games\Sniper Ghost Warrior - Gold Edition\steam_api.dll (.not file.) O4 - GS\Desktop: steam_rld.ini - Raccourci.lnk . (...) -- C:\Program Files (x86)\CI Games\Sniper Ghost Warrior - Gold Edition\steam_rld.ini (.not file.) ~ Global Startup: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD84B93-0708-4C9B-90C4-70784F5E9C57}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD84B93-0708-4C9B-90C4-70784F5E9C57}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0CD84B93-0708-4C9B-90C4-70784F5E9C57}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Titr_HJT34=Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) 
-- C:\Windows\System32\mshtml.dll O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Rxinput.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Enumère les données de BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk /k:g * ) - File not found ~ BEX: 1 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{4CDCFE5B-0831-4034-B856-FA6E0A19D3E7}] (...) -- C:\Users\plom\Downloads\EmuPMX_PCDrv_L6_2_10_00.exe (.not file.) [0] ~ Scheduled Task: 5 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.29205AD2F1F407805557DD7A1F679BCF] - 01/01/2002 - 21:16:04 ---A- . (...) -- C:\Windows\INSTPRO_1-1-2002.log [2562] O44 - LFC:[MD5.D42EBC368FD4AD311AB8DFBF44C3E696] - 01/01/2002 - 22:15:39 ---A- . (...) -- C:\BIO [1048576] O44 - LFC:[MD5.7D516C6BB5BEB7D6795EB262D0476D4A] - 31/12/2001 - 23:30:58 RSH-- . (...) -- C:\VHIGN [370741] O44 - LFC:[MD5.E4B860A7119692C7037EADAC3D96348F] - 31/12/2001 - 23:30:58 RSH-- . (...) 
-- C:\win7.ld [20] ~ Files: 31 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.7D34B958C142CC74873A4B71223C6D8A] - 02/01/2002 - 08:19:26 ---A- - C:\Windows\Prefetch\NVSTREAMSVC.EXE-7E5D3EEF.pf O45 - LFCP:[MD5.C5D0BF4C710C754022B91DC675F61F41] - 28/08/2013 - 05:44:01 ---A- - C:\Windows\Prefetch\POKKI.EXE-7521DB56.pf O45 - LFCP:[MD5.6668461A890F31E08A51417993DBFD0C] - 28/08/2013 - 10:05:36 ---A- - C:\Windows\Prefetch\NVSTREAMSVC.EXE-5E19636C.pf O45 - LFCP:[MD5.569FC285929A0324F6665561DB5E74CD] - 28/08/2013 - 17:05:46 ---A- - C:\Windows\Prefetch\PRECOMP038.EXE-7677C0DC.pf O45 - LFCP:[MD5.51C0F48B979907101CB83C67AB0C919D] - 28/08/2013 - 18:01:52 ---A- - C:\Windows\Prefetch\PRECOMP038.EXE-17EB68A6.pf O45 - LFCP:[MD5.F84252FA496FA2B251540E49B8F4C8CD] - 28/08/2013 - 22:01:18 ---A- - C:\Windows\Prefetch\GFEXPERIENCE.EXE-03B6FA83.pf O45 - LFCP:[MD5.D746008F055365E96B0B7F97F3B92D0F] - 28/08/2013 - 22:08:45 ---A- - C:\Windows\Prefetch\POKKI.EXE-7DB938C9.pf ~ Prefetcher: 79 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{8b9cc3ab-0f91-11e3-967b-90e6ba834021}\AutoRun\command. (...) -- F:\setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\tsiVideo [Key] . (...) -- C:\Users\plom\AppData\Local\Temp\tsiVi332.dll (.not file.) 
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.2219A3D695405E7BA2186BA6B9EDE14A] - 13/05/2009 - 17:26:24 . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [15416] O58 - SDL:[MD5.8065A7659562005127673AC52898675F] - 17/12/2007 - 01:14:12 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [14392] ~ Drivers: 17 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/01/2002 - 22:50:48 ---A- . (...) -- C:\Users\plom\Downloads\P8H61-M-EVO-ASUS-4502.zip [3212301] O61 - LFC: 01/01/2002 - 23:09:53 ---A- . (...) -- C:\Users\plom\Downloads\P5QL-ASUS-EPU-0408.zip [630342] O61 - LFC: 01/06/2009 - 16:35:52 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\setup_notReboot.iss [665] O61 - LFC: 01/08/2013 - 05:39:50 ---A- . (...) -- C:\Users\plom\AppData\Roaming\Microsoft\MMC\eventvwr [139727] O61 - LFC: 01/09/2009 - 11:54:00 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Sound Scheme\Windows Change Theme.wav [2259808] O61 - LFC: 02/01/2002 - 08:16:39 ---A- . (...) -- C:\Users\plom\Downloads\adwcleaner.exe [994642] O61 - LFC: 02/06/2009 - 10:24:40 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Fonts\Eurostile.TTF [38116] O61 - LFC: 02/11/2010 - 21:17:23 ---A- . (...) 
-- C:\Users\plom\Videos\R1.17.65.11_eSATA\Driver\amd64\jraid.cat [79185] O61 - LFC: 19/09/2012 - 09:19:14 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Driver\x32\jraid.cat [79077] O61 - LFC: 19/09/2012 - 09:19:14 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Floppy32\jraid.cat [79077] O61 - LFC: 19/09/2012 - 09:19:14 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Floppy64\jraid.cat [79185] O61 - LFC: 20/06/2007 - 08:08:20 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\jmide\jmide.cat [11099] O61 - LFC: 20/08/2006 - 23:09:00 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\res\RaidGUI.bmp [1646820] O61 - LFC: 20/09/2010 - 17:50:40 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Sound Scheme\Windows Balloon.wav [51182] O61 - LFC: 21/10/2010 - 12:56:18 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\silentsetup.bat [32] O61 - LFC: 22/08/2006 - 16:35:58 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\res\RaidCompanyLogo.bmp [11808] O61 - LFC: 22/08/2006 - 16:48:28 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\res\RaidWndTitle.bmp [43976] O61 - LFC: 23/04/2007 - 15:14:24 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\jmide\jmide.inf [2367] O61 - LFC: 23/10/2002 - 16:32:38 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\setup.skin [243858] O61 - LFC: 24/11/2007 - 09:08:33 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Fonts\MicrogrammaDEEBolExt.ttf [48644] O61 - LFC: 24/11/2007 - 09:08:33 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Fonts\MicrogrammaDMedExt.ttf [55796] O61 - LFC: 25/08/2006 - 17:10:30 ---A- . (...) -- C:\Users\plom\Videos\R1.17.65.11_eSATA\Application\res\RaidLogo.ico [2238] O61 - LFC: 25/08/2013 - 09:27:02 ---A- . (...) -- C:\Users\plom\Documents\Downloads\MaConfig_win.exe [255856] O61 - LFC: 25/08/2013 - 13:10:34 ---A- . (...) 
-- C:\Users\plom\Documents\Downloads\AEyrC.dll [180736] O61 - LFC: 25/08/2013 - 13:25:42 ---A- . (...) -- C:\Users\plom\Documents\Downloads\C03_pfr.rar [487470359] O61 - LFC: 26/08/2013 - 18:37:09 --HA- . (...) -- C:\Users\plom\Documents\Default.rdp [0] O61 - LFC: 27/08/2013 - 17:05:36 R-HA- . (...) -- C:\Users\plom\Searches\Everywhere.search-ms [248] O61 - LFC: 27/08/2013 - 17:05:36 R-HA- . (...) -- C:\Users\plom\Searches\Indexed Locations.search-ms [248] O61 - LFC: 27/08/2013 - 18:41:57 ---A- . (...) -- C:\Users\plom\Links\Desktop.lnk [469] O61 - LFC: 27/08/2013 - 18:41:57 ---A- . (...) -- C:\Users\plom\Links\Downloads.lnk [920] O61 - LFC: 27/08/2013 - 18:41:57 ---A- . (...) -- C:\Users\plom\Links\RecentPlaces.lnk [383] O61 - LFC: 27/08/2013 - 19:19:18 R--A- . (...) -- C:\Users\plom\AppData\Roaming\Microsoft\Installer\{DDEBB7D6-671C-468D-98EB-EF9F1A1BC524}\RTWin7Lite.exe [370070] O61 - LFC: 27/08/2013 - 19:19:53 ---A- . (...) -- C:\Users\plom\AppData\Local\GDIPFONTCACHEV1.DAT [54960] O61 - LFC: 28/08/2013 - 21:59:38 ---A- . (...) -- C:\Users\plom\Videos\JMB36X_WinDrv_R1.17.65_WHQL_eSATA.zip [4678754] O61 - LFC: 29/03/2011 - 12:37:14 ---A- . (.Andreas Verhoeven.) -- C:\Users\plom\Documents\FerrariNonGlass\FerrariNonGlass.msstyles [2096128] O61 - LFC: 29/03/2011 - 14:07:31 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Icons\MyComputer5.ico [190297] O61 - LFC: 29/03/2011 - 14:09:53 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Icons\Network5.ico [194108] O61 - LFC: 29/03/2011 - 14:10:40 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Icons\User5.ico [214893] O61 - LFC: 29/03/2011 - 14:14:24 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Icons\RecycleEmpty5.ico [173256] O61 - LFC: 29/03/2011 - 14:15:42 ---A- . (...) -- C:\Users\plom\Documents\FerrariNonGlass\Icons\RecycleFull5.ico [226106] O61 - LFC: 29/03/2011 - 16:07:51 ---A- . (...) 
-- C:\Users\plom\Documents\FerrariNonGlass.theme [8177] O61 - LFC: 30/07/2013 - 15:42:38 ---A- . (...) -- C:\Users\plom\Documents\Downloads\C03_pfr\Crysis 3-PatchFR.exe [487468901] O61 - LFC: 30/07/2013 - 15:46:18 ---A- . (...) -- C:\Users\plom\Documents\Downloads\C03_pfr\A lire.txt [1148] ~ 80 Fichiers temporaires (Temporary files) ~ Files: 1031 Legitimates Filtered in 00mn 02s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 07/12/2012 - C:\Windows\System32\drivers\ha20x2k.sys (ha20x2k) .(.Creative Technology Ltd - Creative 20X HAL (WDM).) - LEGACY_HA20X2K O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - 07/12/2012 - C:\Windows\System32\drivers\ctoss2k.sys (ossrv) .(.Creative Technology Ltd. - Creative OS Services Driver (WDM).) - LEGACY_OSSRV O64 - Services: CurCS - 10/12/2007 - C:\Windows\System32\DRIVERS\RtNdPt60.sys (RtNdPt60) .(.Windows (R) Codename Longhorn DDK provider - NDIS User mode I/O Driver.) - LEGACY_RTNDPT60 O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV ~ Legacy: 118 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {9572C2C8-C9E5-42C0-9D87-71E5DDB90CB0} - (01NET.com V1 Customized Web Search) - http://search.conduit.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.18FAC955E37E931A8F2289614F123233] [SPRF][01/01/2002] (...) -- C:\Users\plom\AppData\Local\Temp\1009953730805_DriverUtils.dll [98304] [MD5.18FAC955E37E931A8F2289614F123233] [SPRF][01/01/2002] (...) -- C:\Users\plom\AppData\Local\Temp\1009953854147_DriverUtils.dll [98304] [MD5.18FAC955E37E931A8F2289614F123233] [SPRF][01/08/2013] (...) -- C:\Users\plom\AppData\Local\Temp\1375346660267_DriverUtils.dll [98304] [MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][01/08/2013] (...) -- C:\Users\plom\AppData\Local\Temp\bitool.dll [38480] [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nsj8FD4.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nsnECA2.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nso1F37.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nso748A.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nst8349.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) 
-- C:\Users\plom\AppData\Local\Temp\nst989D.exe [110936] =>Toolbar.Conduit [MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][07/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\plom\AppData\Local\Temp\nsy7A8F.exe [110936] =>Toolbar.Conduit [MD5.D07444BDB22757545CD2FA91654F2FD0] [SPRF][24/08/2013] (...) -- C:\Users\plom\AppData\Local\Temp\Quarantine.exe [328019] [MD5.EA5C1D73FB6840B69E5034ACE95684AF] [SPRF][17/07/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\plom\AppData\Local\Temp\SPStub.exe [68968] =>Toolbar.Conduit [MD5.8DE9D8FDA8DF6DD2E1B99A1F297FAA8A] [SPRF][17/07/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\plom\AppData\Local\Temp\tb01NE.dll [5134624] =>Toolbar.Conduit [MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][17/07/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\plom\AppData\Local\Temp\ToolbarHelper.exe [86816] =>Toolbar.Conduit [MD5.12423ACA5EE0D4E928661D95AE578693] [SPRF][16/06/2013] (.Pas de propriétaire - WindowsApplication1.) -- C:\Users\plom\AppData\Local\Temp\visioneuse.exe [18944] [MD5.DA89EA8DD7F1B666BBD5D8140310A1E4] [SPRF][22/10/2010] (...) -- C:\Users\plom\Desktop\Windows Loader.exe [3143755] ~ Files: 19 Legitimates Filtered in 00mn 01s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.BE6E526ACC99A6C1F3E3E9481B3A8072] [WIS][27/08/2013] (.Rockers Team - RT 7 Lite x64.) -- C:\Windows\Installer\12de7f.msi [1468416] ~ WIS: 20 Legitimates Filtered in 00mn 00s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 28/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 18/11/2009 854016 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe SR - | Demand 17/11/2009 192000 | (BsHelpCS) . (.IVT Corporation.) 
- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe SS - | Demand 29/08/2013 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe SR - | Auto 12/02/2010 286720 | (CTAudSvcService) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe SR - | Auto 19/11/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 22/08/2013 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 27/07/2013 14984480 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 21/08/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 27/07/2013 1889568 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 21/08/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 00\00\0000 0 | (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Run by plom at 02/01/2002 08:27:53
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by plom at 02/01/2002 08:27:55
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : v2.12869 - (29/08/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 22
[HKLM\Software\Classes\Toolbar.CT3307695] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3307695] =>Toolbar.Conduit
C:\Users\plom\AppData\Local\Temp\nsj8FD4.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nsnECA2.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nso1F37.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nso748A.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nst8349.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nst989D.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nsy7A8F.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit^
C:\Users\plom\AppData\Local\Temp\nswE67E.tmp =>Adware.MegaSearch
~ Additionnel Scan: 167106 Items scanned in 00mn 14s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com26919368-adware-megasearch =>Adware.MegaSearch
~ MSI: 2 link(s) detected in 00mn 14s
~ 2032 Legitimates filtered by white list

End of the scan (629 lines in 00mn 45s)(0)